CutePHP CuteNews Function.PHP Local File Include Vulnerability
BID:17152
Info
CutePHP CuteNews Function.PHP Local File Include Vulnerability
| Bugtraq ID: | 17152 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2006 12:00AM |
| Updated: | Mar 20 2006 10:34PM |
| Credit: | Hamid Ebadi is credited with the discovery of this vulnerability. |
| Vulnerable: |
CutePHP CuteNews 1.4.1 |
| Not Vulnerable: | |
Discussion
CutePHP CuteNews Function.PHP Local File Include Vulnerability
CuteNews is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Version 1.4.1 is vulnerable; other versions may also be affected.
CuteNews is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Version 1.4.1 is vulnerable; other versions may also be affected.
Exploit / POC
CutePHP CuteNews Function.PHP Local File Include Vulnerability
This issue can be exploited through use of a web client.
This issue can be exploited through use of a web client.
Solution / Fix
CutePHP CuteNews Function.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
CutePHP CuteNews Function.PHP Local File Include Vulnerability
References:
References:
- cutenews 1.4.1 Arbitrary File Access (Hamid Ebadi)
- CuteNews Home Page (CutePHP)