PT-2007-6223 · Php+1
Jesper Jurcenoks · Published 2007-09-27 · Updated 2018-10-15 · CVE-2007-5128
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SimpNews version 2.41.03
Description
The issue allows remote attackers to obtain sensitive information via a certain link date parameter to "events.php", which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. This occurs when PHP before version 5.0.0 is used.
Recommendations
For SimpNews version 2.41.03, consider updating PHP to version 5.0.0 or later to resolve the issue. As a temporary workaround, restrict access to the "events.php" endpoint to minimize the risk of exploitation. Avoid using the link date parameter in the affected endpoint until the issue is resolved.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Php
Simpnews