Sendform.cgi v1.4.4 and below has a directory traversal vulnerability which allows remote attackers to read any file with the privileges of the web server. Fix available here. Bugtraq ID 5286.
694cdf39c7befd0a99c544d8c6c02d17f57020d35701886d6ec90789a6b1f585