PT-2009-6343 · Cutephp · Cutenews

Published

2009-12-02

Updated

2018-10-10

CVE-2009-4175

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CutePHP CuteNews version 1.4.6 CutePHP CuteNews before 8b

Description The issue allows remote attackers to obtain sensitive information via an invalid date value in the from date day parameter to "search.php", which reveals the installation path in an error message.

Recommendations For CutePHP CuteNews version 1.4.6, update to version 8b or later to resolve the issue. For CutePHP CuteNews before 8b, update to version 8b or later to resolve the issue. As a temporary workaround, consider restricting access to the "search.php" endpoint until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-4175

Affected Products

Cutenews

PT-2009-6343 · Cutephp · Cutenews

CVE-2009-4175

Weakness Enumeration

Related Identifiers

Affected Products

References · 7