header-logo
Suggest Exploit
vendor:
CuteNews
by:
SecurityFocus
3.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: CuteNews
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:cutephp:cutenews:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Information Disclosure Weakness in CuteNews 1.3

An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function. A malicious person could potentially use information harvested through the exploitation this type of issue to launch future attacks against a target system.

Mitigation:

Ensure that the debug query is not accepted by the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9130/info

An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function.

A malicious person could potentially use information harvested through the exploitation this type of issue to launch future attacks against a target system.

http://www.example.com/cutenews/index.php?debug

Navigation

Suggest Exploit

Services By CQR