CVE-2007-1597

Name of the Vulnerable Software and Affected Versions Unclassified NewsBoard version 1.6.3

Description The issue allows remote attackers to obtain sensitive information due to insufficient access control. This includes accessing the board log, mail and private message log, SQL error message log, and IP log via direct requests for specific log files, such as "logs/board-YYYY-MM-DD.log", "logs/email-YY-MM-DD-HH-MM-SS.log", "logs/error-YY-MM.log", and "logs/ip.log".

Recommendations For Unclassified NewsBoard version 1.6.3, consider restricting access to the logs directory to prevent remote attackers from obtaining sensitive information. As a temporary workaround, restrict access to the vulnerable log files until a patch is available.