[原文]browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message.
Website Baker contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker passes a non-existant directory to the dir variable of the browse.php script causing an error, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.