CuteNews 1.3 - Debug Query Information Disclosure

EDB-ID:

23406

CVE:



Author:

scrap

Type:

webapps


Platform:

PHP

Date:

2003-12-01


source: https://www.securityfocus.com/bid/9130/info

An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function.

A malicious person could potentially use information harvested through the exploitation this type of issue to launch future attacks against a target system.

http://www.example.com/cutenews/index.php?debug