CVE-2006-1339
CVE-2006-1339 affects CuteNews 1.4.1 (and possibly other versions) via a directory traversal flaw in inc/functions.inc.php. The vulnerability allows an attacker to read arbitrary files by supplying a crafted archive parameter in an HTTP POST or COOKIE request, exploiting a bypassed sanity check w...