CMS Made Simple 1.1.3.1 allows remote malicious users to obtain the full path via a direct request for unspecified files.
cmsmadesimple cms made simple 1.1.3.1