RW::Download version 4.0.8 suffers from remote and local file inclusion and remote SQL injection vulnerabilities.