PT-2009-6343 · Cutephp · Cutenews
Publicado
2009-12-02
·
Atualizado
2018-10-10
·
CVE-2009-4175
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CutePHP CuteNews version 1.4.6
CutePHP CuteNews before 8b
Description
The issue allows remote attackers to obtain sensitive information via an invalid date value in the
from date day parameter to "search.php", which reveals the installation path in an error message.Recommendations
For CutePHP CuteNews version 1.4.6, update to version 8b or later to resolve the issue.
For CutePHP CuteNews before 8b, update to version 8b or later to resolve the issue.
As a temporary workaround, consider restricting access to the "search.php" endpoint until a patch is available.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cutenews