CVE-2005-3507 Information

Description

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files execute code and gain privileges via ../\ sequences in the template parameter to (1) show_archives.php and (2) show_news.php.

Reference

http://rgod.altervista.org/cute141.html http://secunia.com/advisories/17435 http://www.osvdb.org/20472 http://www.osvdb.org/20473 http://www.osvdb.org/20474 http://www.securityfocus.com/bid/15295 http://www.vupen.com/english/advisories/2005/2296