Advanced File Manager version 3.0 suffers from backup disclosure and cross site scripting vulnerabilities.