Directory Traversal Vulnerability in CuteNews by CuteNews Team
CVE-2005-3507

Currently unrated

Key Information:

Vendor

CutePHP

Status
Cutenews
Vendor
CVE Published:
6 November 2005

What is CVE-2005-3507?

A directory traversal vulnerability exists in CuteNews version 1.4.1 that allows remote attackers to manipulate the file structure by using '../' sequences. This flaw enables unauthorized access to sensitive files, potential code execution, and privilege escalation through the template parameter in the show_archives.php and show_news.php scripts. Users of CuteNews are recommended to apply necessary updates and implement security measures to mitigate the risk posed by this vulnerability.

References

http://www.osvdb.org/20474
vdb-entryx_refsource_OSVDB
http://www.osvdb.org/20473
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/17435
third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2005-3507 : Directory Traversal Vulnerability in CuteNews by CuteNews Team