A vulnerability exists in Jason Rahaim's MP3Mystic Server which allows a remote user to traverse the directories of a target host. This may lead to the disclosure of file and directory contents. Arbitrary directories can be accessed through the inclusion of double dot '../' sequences when submitting a URL.
MP3Mystic contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
Upgrade to version 1.04b3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.