CVE-2010-2859
SimpNews <= 2.47.3 - Information Disclosure via Invalid Lang Parameter
Title source: llmDescription
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512271/100/0/threaded
Exploit x_refsource_misc
http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt
Scores
EPSS
0.0118
EPSS Percentile
63.9%
Details
CWE
CWE-200
Status
published
Products (32)
boesch-it/simpnews
2.0.1
boesch-it/simpnews
2.13
boesch-it/simpnews
2.30
boesch-it/simpnews
2.30.2
boesch-it/simpnews
2.30.6
boesch-it/simpnews
2.31.0
boesch-it/simpnews
2.32.0
boesch-it/simpnews
2.32.1
boesch-it/simpnews
2.33.0
boesch-it/simpnews
2.33.01
... and 22 more
Published
Jul 25, 2010
Tracked Since
Feb 18, 2026