Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdb[email protected]EDB-ID:26466
HistoryNov 02, 2005 - 12:00 a.m.

CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access

2005-11-0200:00:00
[email protected]
www.exploit-db.com
14

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/15295/info
 
CuteNews is affected by a directory traversal vulnerability.
 
An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter.
 
Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.
 
An attacker may also upload arbitrary scripts, which may be subsequently executed leading to a remote compromise in the context of the server.
 
CuteNews 1.4.1 is reported to be vulnerable to this issue. Other versions may be affected as well.

http://www.example.com/cute141/show_news.php?template=../../../../../../../../boot.ini%00
http://www.example.com/cute141/show_news.php?template=../../../../../../../../[script]

Related

openvas 1
cvelist 1
exploitdb 1
nvd 1
cve 1
nessus 1
openvas
openvas
CuteNews directory traversal flaw
2006-03-26 00:00:00
cvelist
cvelist
CVE-2005-3507
2005-11-06 11:00:00
exploitdb
exploitdb
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
2005-11-02 00:00:00
nvd
nvd
CVE-2005-3507
2005-11-06 11:02:00
cve
cve
CVE-2005-3507
2005-11-06 11:02:00
nessus
nessus
CuteNews Multiple Script Traversal Privilege Escalation
2005-11-04 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:26466
openvas1cvelist1exploitdb1nvd1cve1nessus1