Path Disclosure Vulnerability in CuteNews by CutePHP
CVE-2009-4175

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews; Utf-8 Cutenews
Vendor: CVE Published:; 2 December 2009

What is CVE-2009-4175?

An exposure vulnerability exists in CuteNews and UTF-8 CuteNews applications that allows remote attackers to retrieve sensitive information. This is triggered by passing an invalid date value in the from_date_day parameter to the search.php script, which leads to the revelation of the installation path through an error message. It is crucial for users of these systems to ensure proper input validation mechanisms are in place to mitigate this risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54235

vdb-entryx_refsource_XF

http://www.morningstarsecurity.com/advisories/MORNINGSTAR...

x_refsource_MISC

http://www.securityfocus.com/archive/1/507782/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2009
Vulnerability Reserved
Dec 2, 2009