CVE-2005-3507
published 2005-11-06CVE-2005-3507: Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences…
PriorityP339medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
12.45%
95.7th percentile
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cutephp | cutenews | <= 1.4.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
exploitdb·2005-11-02
CVE-2005-3507 CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15295/info
CuteNews is affected by a directory traversal vulnerability.
An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter.
Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.
An attacker may also upload arbitrary scripts, which may be subsequently executed leading to a remote compromise in the context of the server.
CuteNews 1.4.1 is reported to be vulnerable to this issue. Other versions may be affected as w
Exploit-DB
CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access
exploitdb·2005-11-02
CVE-2005-3507 CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access
CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15295/info
CuteNews is affected by a directory traversal vulnerability.
An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter.
Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.
An attacker may also upload arbitrary scripts, which may be subsequently executed leading to a remote compromise in the context of the server.
CuteNews 1.4.1 is reported to be vulnerable to this issue. Other versions may be affected as well.
htt
No writeups or analysis indexed.
http://rgod.altervista.org/cute141.htmlhttp://secunia.com/advisories/17435http://www.osvdb.org/20472http://www.osvdb.org/20473http://www.osvdb.org/20474http://www.securityfocus.com/bid/15295http://www.vupen.com/english/advisories/2005/2296http://rgod.altervista.org/cute141.htmlhttp://secunia.com/advisories/17435http://www.osvdb.org/20472http://www.osvdb.org/20473http://www.osvdb.org/20474http://www.securityfocus.com/bid/15295http://www.vupen.com/english/advisories/2005/2296
2005-11-06
Published