CVE-2016-5049 (readydesk)

Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.

Source: CVE-2016-5049 (readydesk)