6.1 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.5%
WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.
marc.info/?l=bugtraq&m=112611504519410&w=2
secunia.com/advisories/16727/