YaBB SE 1.5.1 allows remote malicious users to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.