Vulnerabilities > CVE-2005-3507 - Directory Traversal vulnerability in CutePHP CuteNews
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description CuteNews 1.4.1 show_news.php template Parameter Traversal Arbitrary File Access. CVE-2005-3507. Webapps exploit for php platform id EDB-ID:26466 last seen 2016-02-03 modified 2005-11-02 published 2005-11-02 reporter [email protected] source https://www.exploit-db.com/download/26466/ title CuteNews 1.4.1 show_news.php template Parameter Traversal Arbitrary File Access description CuteNews 1.4.1 show_archives.php template Parameter Traversal Arbitrary File Access. CVE-2005-3507. Webapps exploit for php platform id EDB-ID:26465 last seen 2016-02-03 modified 2005-11-02 published 2005-11-02 reporter [email protected] source https://www.exploit-db.com/download/26465/ title CuteNews 1.4.1 show_archives.php template Parameter Traversal Arbitrary File Access
Nessus
NASL family | CGI abuses |
NASL id | CUTENEWS_DIR_TRAVERSAL.NASL |
description | The version of CuteNews installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20137 |
published | 2005-11-04 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20137 |
title | CuteNews Multiple Script Traversal Privilege Escalation |