CuteNews search.php Unspecified Information Disclosure

2007-12-24T17:19:17
ID OSVDB:39888
Type osvdb
Reporter Janek Vind()
Modified 2007-12-24T17:19:17

Description

Vulnerability Description

CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when unspecified input is passed to the 'search.php' script, which will disclose user-authentication credentials resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CuteNews search.php Unspecified Information Disclosure

References:

Vendor Specific News/Changelog Entry: http://cutephp.com/cutenews/ Secunia Advisory ID:28202 Mail List Post: http://www.securityfocus.com/archive/1/485485 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0287.html ISS X-Force ID: 39242 Bugtraq ID: 27010