There is a Arbitrary file download attack at " File Management column"(administrator authority)

[7wkajk]

First, we enter the background and use the administrator admin we created:

Let's click "file management" on the left:

Then use Burp Suite and click Download to grab the request package

Changing the “path” parameter