Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.