CVE-2005-3507 - Directory Traversal vulnerability in CutePHP CuteNews

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, cutephp, nessus, exploit available

Summary

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.

Vulnerable Configurations

Part         Description  Count
Application  Cutephp      1

Exploit-Db

  • description: CuteNews 1.4.1 show_news.php template Parameter Traversal Arbitrary File Access. CVE-2005-3507. Webapps exploit for php platform
    id: EDB-ID:26466
    last seen: 2016-02-03
    modified: 2005-11-02
    published: 2005-11-02
    reporter: [email protected]
    source: https://www.exploit-db.com/download/26466/
    title: CuteNews 1.4.1 show_news.php template Parameter Traversal Arbitrary File Access
  • description: CuteNews 1.4.1 show_archives.php template Parameter Traversal Arbitrary File Access. CVE-2005-3507. Webapps exploit for php platform
    id: EDB-ID:26465
    last seen: 2016-02-03
    modified: 2005-11-02
    published: 2005-11-02
    reporter: [email protected]
    source: https://www.exploit-db.com/download/26465/
    title: CuteNews 1.4.1 show_archives.php template Parameter Traversal Arbitrary File Access

Nessus

NASL family: CGI abuses
NASL id: CUTENEWS_DIR_TRAVERSAL.NASL
description: The version of CuteNews installed on the remote host fails to sanitize input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20137
published: 2005-11-04
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20137
title: CuteNews Multiple Script Traversal Privilege Escalation