source: https://www.securityfocus.com/bid/7125/info
Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result it has been reported that it is possible to retrieve arbitrary files which are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server.
http://www.example.com/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor