PT-2005-3759 · Web//News · Web//News

Onkel_Fisch +1 · Published 2005-09-14 · Updated 2016-10-18 · CVE-2005-2897

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WEB//NEWS version 1.4

Description

The issue allows remote attackers to obtain sensitive information via a direct request to files in the actions directory. This is possible because the error messages from these files reveal the path. For example, this can be demonstrated by accessing the "cat.add.php" file.

Recommendations

For WEB//NEWS version 1.4, consider restricting access to the actions directory to prevent remote attackers from obtaining sensitive information. As a temporary workaround, modify the error handling to prevent the disclosure of sensitive path information.


Related Identifiers

CVE-2005-2897

Affected Products

Web//News