Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1925

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1925
Last Modified 05 Sep 2008 05:03:12
Published 20 Apr 2006 02:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1925

Summary

Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.

Vulnerable Systems

Application

  • Cutephp Cutenews 1.4.1


References

XF - cutenews-index-source-xss(25935)

BID - 17592

BUGTRAQ - 20060420 Re: CuteNews 1.4.1 <= Cross Site Scripting

BUGTRAQ - 20060418 CuteNews 1.4.1 <= Cross Site Scripting

SREASON - 775


Last Updated: 27 May 2016 10:42:16