Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3592

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3592
Last Modified 07 Mar 2011 09:26:49
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3592

Summary

index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.

Vulnerable Systems

Application

  • Cutephp Cutenews 1.4.0


References

MISC - http://www.securityinfo.ru/2005/11/____cutenews_140.html

BUGTRAQ - 20051107 Path disclosure in CuteNews <= 1.4.0


Last Updated: 27 May 2016 10:40:59