Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.