CuteNews < 1.4.6 search.php files_arch Array Arbitrary File Access

Binary data 4324.prm...

CuteNews search.php files_arch Array Arbitrary File Access

The version of CuteNews on the remote host fails to initialize the 'filesarch' array before populating it with a list of files to search in the 'search.php' script. Regardless of PHP's 'registerglobals' setting, an unauthenticated attacker can leverage this issue to determine the existence of...