rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.Referenceshttps://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py