source: https://www.securityfocus.com/bid/15436/info
 
phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
 
An attacker may leverage these issues to obtain sensitive information that may help with further attacks on the affected computer. 

http://www.example.com/phpwcms/img/random_image.php?imgdir=../../../etc/