There is a <application_name>_doc.php generated for some applications. But this file is accessible on browser directly. if I enter the following URL
http://<any_domain>/<application_folder>/<application_name>_doc.php?nm_nome_doc=<base64en co de_of_your_filename_with_absolute_path>
it is going to return ANY of the files in the web root folder.
I think the SC security option also applies to all related php that was generated.
It needs to be fix asap
We reported this issue over half a year ago, together with 14 other issues. We are still awaiting reply from the SC organization that claims to have solved one issue already (in V9). It was promised that V9 would have these issues fixed before release, but they broke that promise. Yesterday I - again - requested for the status, but even my mails are ignored. One of the reasons why I don’t spend much time here any more.
I definitely do not understand how the SC Team works. 
The SC team don’t appear to like their users - they give us no love here.
They have no idea. Only worry about selling new licences. I always (try to) tell them that it is not the art of finding new customers, but the art of keeping your customers. They will spread the word…
hmm yes I posted a scathing response to a bug I was trying to get sorted, this software is only really suitable for people who can sort most issues themselves. Its a shame because the software is good on the whole but unless some care is given to support customers who have bought it, when there are legitimate issues, then its not really a software I would recommend to anyone.
Hello,
This problem has been fixed internally and will be released in the next version, 9.0.022.
Thank you!
Hey John
Any chance you could get someone to look at this forum and give us a “New posts since last visit” button?
It used to be here, but no more.
You have it on the Portuguese forum.