Description

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

Remediation

References

CVE-2007-5128

Related Vulnerabilities

WordPress Plugin WP Support Plus Responsive Ticket System Cross-Site Scripting (9.1.1)

Microsoft SQL Server CVE-2023-32025 Vulnerability (CVE-2023-32025)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)

WordPress Plugin IP Logger 'map-details.php' SQL Injection (3.0)

Severity

Medium

Classification

CVE-2007-5128 CWE-20

Tags

Missing Update Known Vulnerabilities