Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and previous versions allows remote malicious users to obtain the full path via unspecified vectors.