1) Vrating Lets Remote Users Read and edit the files
A bug has encountred in vrating 4.01, 4.0, a remote user can view and edit the settings.php file.
the file settings.php not have protection, so a remote user can view file and view the settings website including mysql host, database, username and password.
2) Vrating default admin dir has not protected witch a password, remote users can view and edit a website configuration and access the configuration control panel.
