[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
- To: philip anselmo <spoonman500@xxxxxxxxxxx>
- Subject: Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
- From: Francesco Laurita <francesco@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 21:49:48 +0100
philip anselmo ha scritto:
> Vulnerable Code:
> ***************
> require_once("$cutepath/inc/functions.inc.php");
> require_once("$cutepath/data/config.php");
>
> affected file: search.php & show_news.php & show_archives.php
> ----------------------------------------------------------------------
Please mark it as bogus.
$cutepath is defined some lines above:
$cutepath = __FILE__;
Regards