CVE-2005-3592

Name of the Vulnerable Software and Affected Versions CuteNews versions 1.4.0 and earlier

Description The issue allows remote attackers to obtain the installation path of the application by triggering an error message. This can be achieved by entering multiple ../ (dot dot slash) in the archive parameter of the "index.php" endpoint.

Recommendations For CuteNews versions 1.4.0 and earlier, consider restricting access to the archive parameter in the "index.php" endpoint until a fix is available. As a temporary workaround, avoid using the archive parameter with multiple ../ (dot dot slash) entries to minimize the risk of path disclosure.