Jesper Jurcenoks from netVigilance, Inc. (http://netvigilance.com/) has identified flaws in two different files. They allow someone to find out the true path of the server-side scripts.
It is a very low risk as unless the administrator has modified the script the paths are predictable anyway.
Attached is the security advisory from netVigilance in OpenDocument text format.
Logged In: YES
user_id=1497078
Originator: YES
UPDATE: Apologies, the attached file mentioned above was a draft. For the latest:
http://www.netvigilance.com/advisory0009