Summary
Description:
The version of CuteNews installed on the remote host fails to sanitize user-supplied input to the 'template' parameter of the 'show_archives.php' and 'show_news.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.
Solution
Unknown at this time.
Severity
Classification
- CVE: CVE-2005-3507
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability