CVE-2005-2897 Information

Description

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory which reveal the path in an error message as demonstrated using cat.add.php.

Reference

http://marc.info/?l=bugtraq&m=112611504519410&w=2 http://secunia.com/advisories/16727/