Lucene search

MitreCVE-2006-2250

HistoryMay 09, 2006 - 10:02 a.m.

CVE-2006-2250

2006-05-0910:02:00

mitre

web.nvd.nist.gov

cutenews

cutenews 1.4.1

vulnerability

sensitive information disclosure

remote attack

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.

Affected configurations

Nvd

Node

cutephpcutenewsMatch1.4.1

VendorProductVersionCPE
cutephpcutenews1.4.1cpe:2.3:a:cutephp:cutenews:1.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cutephp	cutenews	1.4.1	cpe:2.3:a:cutephp:cutenews:1.4.1:::::::*

References

securityreason.com/securityalert/860

www.osvdb.org/25305

www.osvdb.org/25306

www.securityfocus.com/archive/1/433058/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26271

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2006-2250