tstisapi.dll in Pi3Web 1.0.1 web server allows remote malicious users to determine the physical path of the server via a URL that requests a non-existent file.
pi3 pi3web 1.0.1