[原文]SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.
[CNNVD]SmartWebby Smart Guest Book SmartGuestBook.mdb（又称“news database”）信息泄露漏洞(CNNVD-200412-1072)
Smart Guest Book contains a flaw that may allow a malicious user to download database file SmartGuestBook.mdb. The issue is part of the default installation. It is possible that the flaw may allow a malicious user to access the administrative username and password resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Place the database file in a separate database directory and restrict access to it.