CuteNews search.php Unspecified Information Disclosure

ID OSVDB:39888
Type osvdb
Reporter Janek Vind()
Modified 2007-12-24T17:19:17


Vulnerability Description

CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when unspecified input is passed to the 'search.php' script, which will disclose user-authentication credentials resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CuteNews search.php Unspecified Information Disclosure


Vendor Specific News/Changelog Entry: Secunia Advisory ID:28202 Mail List Post: Mail List Post: ISS X-Force ID: 39242 Bugtraq ID: 27010