source: https://www.securityfocus.com/bid/24345/info

ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the affected webserver. 

http://www.example.com/aspfoldergallery/download_script.asp?file=viewimage.asp