Directory Traversal Vulnerability in CuteNews by CuteNews Team
CVE-2006-1925

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 20 April 2006

What is CVE-2006-1925?

The CuteNews 1.4.1 version is susceptible to a directory traversal vulnerability located within the editnews module (inc/editnews.mdu) in index.php. This flaw allows remote attackers to interact with files on the server through manipulation of the 'source' parameter during either the editnews or doeditnews actions. Exploitation of this vulnerability can lead to unauthorized access to sensitive files or modifications, and may also trigger cross-site scripting (XSS) when the targeted file is absent.

References

http://www.securityfocus.com/archive/1/431528/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/25935

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/431340/30/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2006
Vulnerability Reserved
Apr 20, 2006

CutePHP

What is CVE-2006-1925?

References

Timeline