[Original text] Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.
Easy File Sharing Web Server /log/ Directory Log Disclosure
Remote / Network Access
Loss of Confidentiality
Easy File Sharing Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /log/ directory, which will disclose server logs and potentially sensitive file/user information resulting in a loss of confidentiality.
Upgrade to version 1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
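To check whether the paths named above were requested before the upgrade, the following added example (not part of the original advisory or the vendor's code) scans access-log lines for requests that resolve to the /log/ directory or to option.ini / options.ini. It assumes Common Log Format and case-insensitive path handling on the server; the sample lines and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Paths from the advisory: the /log/ directory and option.ini (aka options.ini).
SENSITIVE = re.compile(r"^/(?:log(?:/.*)?|options?\.ini)$")
# Assumption: Common Log Format; the server's own log layout is not given on the page.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Reduce a request target to a canonical lower-case path before matching."""
    path = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.I)  # absolute-form URL
    path = re.split(r"[?#]", path, maxsplit=1)[0]              # drop query/fragment
    for _ in range(2):                                         # single and double encoding
        path = unquote(path)
    parts = []
    for seg in path.replace("\\", "/").lower().split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)

def find_disclosures(lines):
    """Return (client, path, status, served) for each request to a sensitive path."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = normalize(target)
        if SENSITIVE.match(path):
            # served=True means a 2xx response, i.e. content was likely returned.
            hits.append((client, path, int(status), status.startswith("2")))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /log/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /%4Cog/2024.txt HTTP/1.1" 200 9000',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /files/../OPTION.INI?x=1 HTTP/1.1" 200 300',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /options.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /logo.gif HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_disclosures(SAMPLE):
        print(hit)
```

Any hit with a 2xx status means the SMTP credentials in option.ini or the logged file/user details should be treated as disclosed and rotated or reviewed.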