CVE-2007-0692

Name of the Vulnerable Software and Affected Versions DGNews version 2.1

Description The issue allows remote attackers to obtain sensitive information via a fullnews request to "news.php" with an invalid newsid parameter. This is achieved through unspecified vectors, which reveal the path in various error messages.

Recommendations For DGNews version 2.1, consider restricting access to the "news.php" endpoint until a patch is available, and avoid using the newsid parameter in this endpoint to minimize the risk of exploitation.