[原文]CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.
CGIScript.net csNews.cgi Invalid Database Information Disclosure
Remote / Network Access
Loss of Confidentiality
csNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid database command is passed, which will disclose installation information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.