Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.