Directory Traversal Vulnerability in CuteNews by CuteNews
CVE-2007-6662

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 4 January 2008

What is CVE-2007-6662?

A directory traversal vulnerability exists in the file.php component of CuteNews version 2.6. This security flaw allows remote attackers to manipulate the 'file' parameter using '../' sequences, enabling them to read arbitrary files on the server. An attacker could potentially access sensitive information, such as the admin username and password hash stored in 'data/users.db.php', resulting in unauthorized access to the CuteNews system. Organizations using this outdated version should consider applying security patches and updating to prevent exploitation.

References

http://osvdb.org/39885

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/3515

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/485632/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2008
Vulnerability Reserved
Jan 3, 2008

CutePHP

What is CVE-2007-6662?

References

Timeline