Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26999
http://www.vupen.com/english/advisories/2006/2249
http://www.securityfocus.com/archive/1/436410/100/0/threaded