Description
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.
Affected products
- boesch-it / simpnews2.47.03
- boesch-it / simpnews2.0.1 – 2.0.1
- boesch-it / simpnews2.13 – 2.13
- boesch-it / simpnews2.30 – 2.30
- boesch-it / simpnews2.30.2 – 2.30.2
- boesch-it / simpnews2.30.6 – 2.30.6
- boesch-it / simpnews2.31.0 – 2.31.0
- boesch-it / simpnews2.32.0 – 2.32.0
- boesch-it / simpnews2.32.1 – 2.32.1
- boesch-it / simpnews2.33.0 – 2.33.0
- boesch-it / simpnews2.33.01 – 2.33.01
- boesch-it / simpnews2.34 – 2.34
- boesch-it / simpnews2.34.0 – 2.34.0
- boesch-it / simpnews2.34.01 – 2.34.01
- boesch-it / simpnews2.35.00 – 2.35.00
- boesch-it / simpnews2.36.00 – 2.36.00
- boesch-it / simpnews2.37.00 – 2.37.00
- boesch-it / simpnews2.37.01 – 2.37.01
- boesch-it / simpnews2.37.02 – 2.37.02
- boesch-it / simpnews2.38 – 2.38
- boesch-it / simpnews2.38.02 – 2.38.02
- boesch-it / simpnews2.38.03 – 2.38.03
- boesch-it / simpnews2.38.04 – 2.38.04
- boesch-it / simpnews2.39.0 – 2.39.0
- boesch-it / simpnews2.40.01 – 2.40.01
- boesch-it / simpnews2.41.0 – 2.41.0
- boesch-it / simpnews2.41.02 – 2.41.02
- boesch-it / simpnews2.41.03 – 2.41.03
- boesch-it / simpnews2.42.0 – 2.42.0
- boesch-it / simpnews2.42.01 – 2.42.01
- boesch-it / simpnews2.44.00 – 2.44.00
- boesch-it / simpnews2.47.00 – 2.47.00