Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message.