It's possible to access directories where sensitive information can be potentially stored through web interface.
vulners.com/securityvulns/securityvulns:doc:12626