Manager can also let attackers check if arbitrary files exist on systems without logging in, doesn’t protect against brute force login attacks, and stores PHP session files in the web root ...