Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.