74cmsSE v3.4.1 exists to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.
74cms 74cms 3.4.1