CuteNews Directory Traversal Flaw Network Vulnerability

Summary

Description : The version of CuteNews installed on the remote host fails to sanitize user-supplied input to the 'template' parameter of the 'show_archives.php' and 'show_news.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.

Solution

Unknown at this time.

Severity

Classification

CVE CVE-2005-3507
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ampache Reflected Cross Site Scripting Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache Open For Business HTML injection vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
AlienForm CGI script

CuteNews directory traversal flaw

Take action and discover your vulnerabilities