|
Family: CGI abuses --> Category: infos
CuteNews Debug Info Disclosure Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of cutenews
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to information
disclosure.
Description :
There is a bug in the remote version of CuteNews that allows a possible hacker
to obtain information from a call to the phpinfo() PHP function such as
the username of the user who installed php, if they are a SUDO user, the
IP address of the host, the web server version, the system version (unix
/ linux), and the root directory of the web server.
See also :
http://www.securityfocus.com/archive/1/346013
Solution:
Disable CuteNews or upgrade to the newest version.
Risk factor:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|