Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.