Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
Simple Online Planning Tool version 1.32 suffers from code execution, cross site scripting, remote SQL injection, information disclosure, and path traversal vulnerabilities.