A vulnerability has been identified in IDMOS, which could be exploited by attackers to gain unauthorized read access to arbitrary files. This issue is caused by an input validation error in the "administrator/download.php" script that does not validate the "fileName" parameter before being passed as an argument to a "readfile()" call, which could be exploited by malicious people to download arbitrary files from a vulnerable server via directory traversal attacks.
