It indicates a file disclosure vulnerability in cattaDoc, an open source document management solution. This issue is due to an input validation error in the "download2.php" script that fails to validate the "fn1" parameter. As a result remote attackers may be able to read arbitrary files.
cattaDoc version 3.0 and prior.
cattaDoc version 2.21 and prior.
Currently we are not aware of any official supplied fix for issue.
C-Arbre Web site,http://cattadoc.com/