[原文]Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Hosting Controller forum.mdb Remote User Credential Disclosure
Remote / Network Access
Loss of Confidentiality
Hosting Controller contains a flaw that may lead to an unauthorized information disclosure. The issue is caused due to user credentials being stored in the "forum/db/forum.mdb" database file inside the web root, which will disclose the administrator's username and password, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.