index.php in SoftBB 0.1, and possibly earlier, allows remote malicious users to obtain the installation path via a null or invalid page[] parameter.
softbb softbb