Description

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

Remediation

References

CVE-2007-5128

Related Vulnerabilities

WordPress Plugin Sliced Invoices-WordPress Invoice Multiple Vulnerabilities (3.8.2)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28735)

WordPress Plugin Markup (JSON-LD) structured in schema.org Cross-Site Scripting (4.8.1)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (4.0.2)

Severity

Medium

Classification

CVE-2007-5128 CWE-20

Tags

Missing Update Known Vulnerabilities