YabbSE 1.5.5c allows remote malicious users to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
yabb yabb 1.5.5c