PT-2001-2530 · Easy Scripts · Easyscripts Easynews

Published 2001-12-01 · Updated 2017-07-11 · CVE-2001-1437

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: easyScripts easyNews version 1.5

Description: The issue allows remote attackers to obtain the full path of the web root. This is achieved via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.

Recommendations: For easyScripts easyNews version 1.5, consider validating the news message id field to ensure it only accepts integer values to prevent path leakage. As a temporary workaround, consider disabling the view request functionality for non-integer news message id fields until a patch is available.
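
One way to apply the recommendation, shown as an added example that is not easyNews code: the request parameter name `id` and the functions `parse_news_id` and `handle_view` are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed. It rejects any non-integer id before the script does further work and keeps PHP diagnostics, which contain absolute file paths, out of the response.

```php
<?php
// Added example; "id", parse_news_id() and handle_view() are hypothetical names.

// Keep PHP diagnostics (which include absolute file paths) out of responses
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the message id as a positive int, or null when the raw value
 * is not a plain decimal integer within range.
 */
function parse_news_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing parameter, or an array such as id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 2147483647],
    ]);
    return $id === false ? null : $id;
}

/** Return [HTTP status, body] for a view request. */
function handle_view(array $query): array
{
    $id = parse_news_id($query['id'] ?? null);
    if ($id === null) {
        // Generic response: no echo of the input, no path, no stack trace.
        return [400, 'Invalid news message id.'];
    }
    // The message lookup is omitted: the page does not describe the storage layer.
    return [200, "News message #$id accepted for lookup"];
}

// Constructed sample inputs.
foreach (['42', 'abc', '1.5', '', '12abc', ['x']] as $sample) {
    [$status, $body] = handle_view(['id' => $sample]);
    printf("%-8s -> %d %s\n", json_encode($sample), $status, $body);
}
```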


Related identifiers

CVE-2001-1437

Affected products

Easyscripts Easynews