Sysaid – CWE-552: Files or Directories Accessible to External Parties - 

Authenticated users may exfiltrate files from the server via an unspecified method.Read More