CVE-2010-2859

CVE-2010-2859

EPSS 1.2%

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://www.securityfocus.com/archive/1/512271/100/0/threaded