Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15885
http://sourceforge.net/project/shownotes.php?release_id=231421