CVE 2005-4384
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/
See the 
CVE page on Mitre.org
for more details.
