[原文]ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server.
ACNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'db.inc.' file, which will disclose the installation path of the database resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.