An issue exists in LAOBANCMS 2.0. It allows remote malicious users to list .txt files via a direct request for the /data/0/admin.txt URI.
laobancms laobancms 2.0