xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.Referenceshttp://www.securityfocus.com/archive/1/418518/100/0/threaded
