Drupal avatar_uploader v7.x-1.0-beta8 – Arbitrary File Disclosure