Mandriva Linux Security Advisory MDKSA-2006-125 - Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files.
85723e50a322f9644980dda1e3c0934b4ec87396b76850aa21a6ad3a88fac807