CVE-2010-2859

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Date published : 2010-07-23

http://www.securityfocus.com/archive/1/512271/100/0/threaded

http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt