Pi3Web 2.0.0 allows remote malicious users to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
pi3 pi3web 2.0.0