EmpireCMS 6.6 up to and including 7.2 allows remote malicious users to discover the full path via an array value for a parameter to class/connect.php.
phome empirecms