export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/31244http://secunia.com/secunia_research/2006-76/advisory/http://osvdb.org/32563http://www.securityfocus.com/bid/21870http://secunia.com/advisories/21694
