Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename.