CuteNews <= 1.4.1 Directory Traversal Arbitrary File Access

Medium | Nessus Network Monitor Plugin ID 3279

Synopsis

The remote host is running a version of CuteNews that allows an attacker to upload or download files outside of the web root directory.

Description

According to its version number, the remote host is running a version of CuteNews that allows an attacker to upload or download files outside of the web root directory. This can lead to an attack against both confidentiality and integrity. An attacker exploiting this flaw would simply send a malformed request containing a '../' sequence. Successful exploitation leads to writing or reading arbitrary files outside of the web root.
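The check that a fix for this class of flaw has to perform, as an added Python example that is not part of the Nessus plugin or of CuteNews itself: a helper that maps a user-supplied file name onto a data directory and refuses any result that resolves outside it, after URL-decoding and separator normalisation so that '../' cannot be smuggled through encoding. DEMO_ROOT and the sample names are constructed for the example.

```python
"""Reject directory traversal when mapping a user-supplied name to a file
under a fixed base directory (added example, not CuteNews code)."""
import os
from urllib.parse import unquote

# Constructed base directory for the demonstration; it need not exist,
# because os.path.realpath normalises non-existent paths as well.
DEMO_ROOT = "/srv/example-app/data"


class TraversalError(ValueError):
    """Raised when a requested path would leave the base directory."""


def resolve_under_root(root, user_path):
    """Return the absolute path for user_path inside root.

    Raises TraversalError for absolute paths, for names that resolve
    outside root ('../' in any encoding) and for an empty name.
    """
    # Decode percent-encoding first so %2e%2e is seen as '..'
    decoded = unquote(user_path)
    # Treat backslashes as separators so 'foo\\..\\x' is not missed
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise TraversalError("absolute paths are not allowed")

    root_abs = os.path.realpath(root)
    # realpath collapses '.', '..' and symlinks in the joined result
    candidate = os.path.realpath(os.path.join(root_abs, decoded))

    # The canonical result must still have root_abs as a prefix directory
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise TraversalError("path escapes root: %r" % user_path)
    if candidate == root_abs:
        raise TraversalError("no file name given")
    return candidate


def is_safe(root, user_path):
    """Boolean form of resolve_under_root, convenient for request filtering."""
    try:
        resolve_under_root(root, user_path)
        return True
    except TraversalError:
        return False


def classify(root, names):
    """Map each constructed request name to True (allowed) or False (rejected)."""
    return {name: is_safe(root, name) for name in names}


if __name__ == "__main__":
    samples = [
        "news.txt",                 # plain file in the data directory
        "archive/2005.txt",         # sub-directory is fine
        "sub/../news.txt",          # '..' that stays inside root is fine
        "../../etc/passwd",         # classic traversal
        "%2e%2e/%2e%2e/etc/passwd", # percent-encoded traversal
        "..\\..\\etc\\passwd",      # backslash separators
        "/etc/passwd",              # absolute path
    ]
    for name, ok in classify(DEMO_ROOT, samples).items():
        print("%-28s %s" % (name, "allowed" if ok else "rejected"))
```

The decisive step is canonicalising the joined path and comparing it against the canonical root, rather than searching the raw input for '../': string filters are what encoding tricks defeat, whereas a prefix check on the resolved path holds regardless of how the traversal was written.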

Solution

Upgrade to a version of CuteNews higher than 1.4.1.

See Also

http://cutephp.com/cutenews

Plugin Details

Severity: Medium

ID: 3279

Family: Web Servers

Published: 11/3/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:cutephp:cutenews

Reference Information

CVE: CVE-2005-3507, CVE-2006-1339, CVE-2006-1340

BID: 17152, 15295