Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.