[原文]MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message.
MyScrapbook txt-db-api/ Directory Multiple Script Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality
MyScrapbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when directly requesting scripts found in the 'txt-db-api' directory, which will disclose installation path information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.