SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26671
http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en