CVE-2010-0403 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0403): Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
Please bump!
Seems to be gone from tree.