CVE-2010-2859

SimpNews <= 2.47.3 - Information Disclosure via Invalid Lang Parameter

Title source: llm
STIX 2.1

Description

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512271/100/0/threaded

Scores

EPSS 0.0118
EPSS Percentile 63.9%

Details

CWE
CWE-200
Status published
Products (32)
boesch-it/simpnews 2.0.1
boesch-it/simpnews 2.13
boesch-it/simpnews 2.30
boesch-it/simpnews 2.30.2
boesch-it/simpnews 2.30.6
boesch-it/simpnews 2.31.0
boesch-it/simpnews 2.32.0
boesch-it/simpnews 2.32.1
boesch-it/simpnews 2.33.0
boesch-it/simpnews 2.33.01
... and 22 more
Published Jul 25, 2010
Tracked Since Feb 18, 2026