Sage 1.0 b3 allows remote malicious users to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
source: wwwsecurityfocuscom/bid/6893/info
Sage Content Management System contains a path disclosure vulnerability When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation directory
Disclosed path information could be used to launch further attacks against the sy ...