Well I just found a security issue with my company's website thats potentially been there for YEARS

You can just fucjing bypass the login screen and access any file. You do have to know the filename and path from the site root. But I doubt that matters to anyone willing to try hard enough. I'm sure there's tools to find the paths

Especially since the files names are fucking predictable 🙄 😒