[原文]Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
petitforum liste.txt Direct Request Remote Information Disclosure
Remote / Network Access
Loss of Confidentiality
petitforum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request to the liste.txt file occurs, which will disclose user account information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): use .htaccess file controls to restrict access to the liste.txt file.