Family: CGI abuses --> Category: infos
CuteNews directory traversal flaw Vulnerability Scan
Vulnerability Scan Summary: Checks for CuteNews directory traversal
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web site contains a PHP application that is affected by a
directory traversal flaw.
Description :
The version of CuteNews installed on the remote host fails to sanitize
user-supplied input to the 'template' parameter of the
'show_archives.php' and 'show_news.php' scripts. An attacker can
exploit this issue to read arbitrary files and possibly even execute
arbitrary PHP code on the remote host, subject to the privileges of
the web server user ID.
See also :
http://retrogod.altervista.org/cute141.html
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)