CVE-2007-4873

Name of the Vulnerable Software and Affected Versions: SimpNews version 2.41.03

Description: The issue allows remote attackers to download arbitrary .inc files via a direct request due to insufficient access control of sensitive information stored under the web root. This can be demonstrated by accessing files such as admin/includes/dbtables.inc.

Recommendations: For SimpNews version 2.41.03, consider restricting direct access to .inc files under the web root to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, restrict access to sensitive directories such as admin/includes/ to minimize the risk of exploitation.