ACEweb Online Portal 3.5.065 exists to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
aceware aceweb online portal