CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter. Exploitation of this vulnerability...