Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.