It's possible to bypass filtering with URL like …/…/// and retrieve any file from from the system.
vulners.com/securityvulns/securityvulns:doc:7787