Directory traversal vulnerability in Amaxus 3 and previous versions allows remote malicious users to access arbitrary files via ".." sequences in the change parameter.
box uk amaxus 3