CuteNews 1.3 - Debug Query Information Disclosure

EDB-ID:

23406

CVE:


Author:

scrap

Type:

webapps

Platform:

PHP

Published:

2003-12-01

source: https://www.securityfocus.com/bid/9130/info

An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function.

A malicious person could potentially use information harvested through the exploitation this type of issue to launch future attacks against a target system.

http://www.example.com/cutenews/index.php?debug