Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.