byteHoard 0.7 and 0.71 allows remote malicious users to list arbitrary files and directories via a direct request to files.inc.php.
bytehoard bytehoard 0.7
bytehoard bytehoard 0.71