Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.Referenceshttp://www.securityfocus.com/archive/1/434692/100/0/threadedhttp://securityreason.com/securityalert/937https://exchange.xforce.ibmcloud.com/vulnerabilities/26610
