languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.