[Original text] BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
BookReview contains a flaw that may lead to unauthorized information disclosure. The flaw exists because the application does not validate user-supplied input submitted to the 'search.htm' script, so the application reveals its installation path, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.