listmembers.php in EQdkp 1.3.2c and previous versions allows remote malicious users to obtain sensitive information via an invalid compare parameter, which reveals the path.
eqdkp eqdkp