PT-2005-3308 · Cutenews · Cutenews
Published: 2005-07-27 · Updated: 2008-09-05
CVE-2005-2394
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CuteNews version 1.3.6
Description
The issue allows remote attackers to obtain the full path of the server via an invalid archive parameter in the show news.php file.
Recommendations
For CuteNews version 1.3.6, consider validating and sanitizing the archive parameter in the show news.php file to prevent disclosure of the server's full path. As a temporary workaround, restrict access to the show news.php file until a proper fix is applied.
Exploit
Fix
Related identifiers
Affected products
Cutenews