CVE-2010-2859 Information

Description

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter which reveals the installation path in an error message.

Reference

http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://www.securityfocus.com/archive/1/512271/100/0/threaded