[原文]Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password.
Abczone.it WWWguestbook URL Database Information Disclosure
Remote / Network Access
Loss of Confidentiality
Abczone.it WWWgestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user specifies the path of the guestbook database, which will allow the malicious user to download the entire database disclosing all user account information (including administrator login information) resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.