Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6662


Vulnerability Score 5.8 5.8
CVE Id CVE-2007-6662
Last Modified 15 Nov 2008 02:06:01
Published 04 Jan 2008 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.

Vulnerable Systems


  • Cutephp Cutenews 2.6


BUGTRAQ - 20071229 CuteNews Arbitrary File Download AllVersion

OSVDB - 39885

XF - cutenews-file-directory-traversal(39328)

SREASON - 3515

Last Updated: 27 May 2016 10:46:35