An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.
