Path Disclosure Vulnerability in CuteNews by CuteNews
CVE-2005-3592

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 16 November 2005

What is CVE-2005-3592?

The CuteNews application versions 1.4.0 and earlier contain a path disclosure vulnerability that allows remote attackers to expose the installation path of the application's server. This is achieved by exploiting an error message response triggered by inputting multiple '../' sequences in the 'archive' parameter. An attacker can potentially leverage this information to facilitate further attacks on the application or the underlying server environment.

References

http://marc.info/?l=bugtraq&m=113140342029880&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityinfo.ru/2005/11/____cutenews_140.html

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2005
Vulnerability Reserved
Nov 16, 2005

CutePHP

What is CVE-2005-3592?

References

Timeline