Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3507

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3507
Last Modified 07 Mar 2011 09:26:37
Published 06 Nov 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3507

Summary

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.

Vulnerable Systems

Application

  • Cutephp Cutenews 1.4.1


References

VUPEN - ADV-2005-2296

SECUNIA - 17435

MISC - http://rgod.altervista.org/cute141.html

BID - 15295

OSVDB - 20474

OSVDB - 20473

OSVDB - 20472


Last Updated: 27 May 2016 10:40:56