News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2343)