Summary
Description:
The version of CuteNews installed on the remote host fails to sanitize user-supplied input to the 'template' parameter of the 'show_archives.php' and 'show_news.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.
Solution
Unknown at this time.
Severity
Classification
CVE: CVE-2005-3507
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N