PT-2006-2348 · Cutenews · Cutenews

Published 2006-03-21 · Updated 2018-10-18 · CVE-2006-1339

CVSS v2.0 5.0 Medium
Vector AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
CuteNews versions 1.4.1 and possibly other versions

Description
The issue allows remote attackers to include arbitrary files via a .. (dot dot) sequence and a trailing NULL (%00) byte in the archive parameter of an HTTP POST or COOKIE request. This bypasses a sanity check that is applied only to GET requests.

Recommendations
For CuteNews version 1.4.1, consider disabling the PHP register_globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the inc/functions.inc.php file until a patch is available. Avoid using the archive parameter in HTTP POST or COOKIE requests until the issue is resolved.

Exploit

Fix

Related Identifiers

CVE-2006-1339

Affected Products

Cutenews