Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.Referenceshttp://hamid.ir/security/acidcat.txthttp://secunia.com/advisories/18097http://www.osvdb.org/22491http://www.securityfocus.com/archive/1/419905/100/0/threadedhttp://www.securityfocus.com/bid/15933
