faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 68.8%