BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
CVSS Metrics
