[Original text] Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
Acidcat CMS acidcat.mdb Remote Information Disclosure
Remote / Network Access
Loss of Confidentiality
Acidcat CMS contains a flaw that may lead to an unauthorized information disclosure. The 'acidcat.mdb' database is installed in a web-accessible folder by default. An attacker could download the database without authorization, resulting in a loss of confidentiality.
Upgrade to version 2.1.14 or higher, as it has been reported to fix this vulnerability. In addition, Acidcat Multimedia has released a patch for some older versions.
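To check whether the database file has already been fetched from a site, the following added example (not part of the original advisory or of Acidcat's code) scans web server logs for requests to databases/acidcat.mdb that were answered with content. It assumes W3C extended format logs with a `#Fields:` header; the log lines and addresses are constructed sample data.

```python
import re
from urllib.parse import unquote

# Path named in the advisory; matched case-insensitively and after URL-decoding.
TARGET = re.compile(r"(^|/)databases/acidcat\.mdb$", re.IGNORECASE)

# Constructed sample log (not real traffic; addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2010-01-05 10:00:01 192.0.2.10 GET /default.asp - 200 5120
2010-01-05 10:00:07 198.51.100.7 GET /databases/acidcat.mdb - 200 884736
2010-01-05 10:00:09 198.51.100.7 GET /Databases/AcidCat%2Emdb - 206 65536
2010-01-05 10:01:30 203.0.113.5 GET /databases/acidcat.mdb - 404 1245
2010-01-05 10:02:00 192.0.2.10 GET /databases/readme.txt - 200 300
"""


def find_mdb_downloads(log_text):
    """Return (date, time, client, status, bytes) for served database requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        stem = unquote(row.get("cs-uri-stem", "")).replace("\\", "/")
        status = row.get("sc-status", "")
        # 200 = full download, 206 = partial (ranged) download
        if TARGET.search(stem) and status in ("200", "206"):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         status, row.get("sc-bytes", "-")))
    return hits


if __name__ == "__main__":
    for hit in find_mdb_downloads(SAMPLE_LOG):
        print("database served:", *hit)
```

Any hit means the database contents should be treated as disclosed, regardless of whether the site has since been upgraded.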