[转载]aeNovo数据库目录泄露漏洞

信息来源：ACE

Summary
aeNovo is "a web content management system". Due to improper file permission settings in aeNovo, a remote user can download the product's mdb file (Database file) and gain access to sensitive information.

Credit:
The information has been provided by farhad koosha.

Details
Exploit:
By accessing the directory /dbase/ and the file aeNovo1.mdb, a remote attacker can access the aeNovo's database, and pull from it sensitive information such as the administrative username and password.