CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when unspecified input is passed to the 'search.php' script, which will disclose user-authentication credentials resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
CuteNews search.php Unspecified Information Disclosure
Vendor Specific News/Changelog Entry: http://cutephp.com/cutenews/ Secunia Advisory ID:28202 Mail List Post: http://www.securityfocus.com/archive/1/485485 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0287.html ISS X-Force ID: 39242 Bugtraq ID: 27010