[原文]Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
Quick.Forum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls any one of the numerous files located in '/db/' directory. These files may disclose such information as all banned IP addresses, usernames of the forum and all censored words resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.