CVE-2007-6660
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via 1 a request to index.php with an invalid template or 2 a request to the default URI with certain year and month parameters, which reveals the path in various error messages...