sysinfo.cgi in sysinfo 1.21 allows remote malicious users to obtain the installation path via the debugger action.
coder-world sysinfo 1.21