[原文]NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.
NEXTWEB (i)Site databases/Users.mdb Direct Request Credentials Disclosure
Remote / Network Access
Loss of Confidentiality
NEXTWEB (i)Site contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when a malicious user makes a direct request for databases/Users.mdb, which may lead to a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.