CVE-2007-4861

Name of the Vulnerable Software and Affected Versions: SAXON version 5.4

Description: The issue allows remote attackers to obtain sensitive information via various vectors, including direct requests and invalid parameter usage in scripts within the admin, rss, and root directories. This is possible when display errors is enabled, leading to the revelation of the path in error messages.

Recommendations: For SAXON version 5.4, disable the display errors setting to prevent sensitive information disclosure. Additionally, restrict access to the admin, rss, and root directories to minimize the risk of exploitation. Avoid using invalid parameters, such as the newsid array parameter, in scripts like admin/edit-item.php until the issue is resolved.