CVE-2007-4872

Name of the Vulnerable Software and Affected Versions: SimpNews version 2.41.03

Description: The issue allows remote attackers to obtain sensitive information. This can be achieved via an invalid lang parameter to the "admin/index.php" endpoint, or by making a direct request to the "admin/dbg infos.php", "admin/heading.php", or "evsearch.php" endpoints. These actions reveal the path in various error messages.

Recommendations: For SimpNews version 2.41.03, consider restricting access to the "admin/dbg infos.php", "admin/heading.php", and "evsearch.php" endpoints to minimize the risk of exploitation. Avoid using an invalid lang parameter in the "admin/index.php" endpoint until the issue is resolved.