Wow, this is trivial to exploit -- I recommend people apply the patches immediately. You can't leak file contents, but it's otherwise a fairly standard path traversal attack.