web-app.org WebAPP prior to 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
web-app.org webapp