This repository was archived by the owner on Mar 17, 2024. It is now read-only.

Security vulnerability in File Manager Download function #623

@MaxXor


There exists a security vulnerability in the File Manager Download function which can only be exploited when the File Manager Window in the Server is opened (needs to be the Window on the malicious Client). If the File Manager Window is closed then it's not exploitable.

By modifying the Filename to a path like ..\..\file in the DoDownloadFileResponse Client packet, the Server will accept the file download and place the file outside of the download directory.

Affected versions: v1.0.0.0 - 1.3.0.0
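
A containment check of the kind a server-side download handler needs before it writes a client-supplied filename, shown next to the unchecked join. This is an added example, not the project's code or its fix; the function names and the `C:\Server\Downloads` directory are assumptions, and Python's `ntpath` is used so Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules on any OS, so "..\\" behaves as on the server


class UnsafeFilename(ValueError):
    """The client-supplied name would land outside the download directory."""


def naive_target(download_dir, client_filename):
    # Pattern described in the issue: the name from the packet is joined as-is.
    return ntpath.normpath(ntpath.join(download_dir, client_filename))


def safe_target(download_dir, client_filename):
    """Return the full path to write to, or raise UnsafeFilename."""
    if not client_filename or "\x00" in client_filename:
        raise UnsafeFilename("empty or malformed name")
    name = client_filename.replace("/", "\\")  # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    # Drive letters, UNC shares and rooted paths make join() ignore the base path.
    if drive or rest.startswith("\\") or ":" in rest:
        raise UnsafeFilename("absolute path or stream syntax: %r" % client_filename)
    root = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(root, name))
    # Compare against root plus a separator so a sibling such as "Downloads_old"
    # does not pass a plain prefix test; compare case-insensitively as Windows does.
    if not target.lower().startswith(root.lower().rstrip("\\") + "\\"):
        raise UnsafeFilename("escapes download directory: %r" % client_filename)
    return target


if __name__ == "__main__":
    base = r"C:\Server\Downloads"  # constructed sample directory
    print("naive:", naive_target(base, r"..\..\file"))
    # Constructed sample filenames, as they might arrive in a client packet.
    for sample in ("report.txt", r"..\..\file", r"C:\Windows\x", r"..\Downloads_old\x"):
        try:
            print("ok  ", safe_target(base, sample))
        except UnsafeFilename as exc:
            print("deny", exc)
```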
