[原文]Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.
Chipmunk Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially crafted URL to the 'start' variable in index.php, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.