VID | 21712 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
CuteNews is vulnerable to PHP code injection via the /data/flood.db.php script. CutePHP CuteNews is a freely available PHP-based news management application that uses flat files to store its database. CuteNews version 1.4.0 and earlier versions could allow a remote attacker to inject arbitrary PHP code and to execute arbitrary commands on the system. The cause is improper validation of user-supplied input passed to the 'HTTP_CLIENT_IP' variable (corresponding to the user-supplied 'Client-IP' HTTP header value) in the flood protection code in the '/inc/shows.inc.php' script. By sending a specially crafted URL request, a remote attacker could exploit this vulnerability to inject PHP code into a temporary file used by the flood protection feature of the application and to execute arbitrary PHP code and operating system commands on the target system.
* References:
  http://rgod.altervista.org/cutenews140.html
  http://securitytracker.com/alerts/2005/Sep/1014926.html
  http://www.securityfocus.com/archive/1/411057
* Platforms Affected: CutePHP CuteNews version 1.4.0 and earlier versions; any operating system, any version |
Recommendation |
No upgrade or patch available as of September 2005.
Upgrade to a new version of CuteNews once a version that fixes this problem becomes available from the CutePHP Web site at http://cutephp.com/cutenews/
As a workaround, restrict access to CuteNews' data directory, e.g., using a .htaccess file. |
Related URL | CVE-2005-3010 (CVE) |
Related URL | 14869 (SecurityFocus) |
Related URL | 22311 (ISS) |
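The workaround named in the Recommendation, written out as a `.htaccess` file for CuteNews' data directory. This is an added example, not part of the original advisory or of CuteNews; it assumes an Apache HTTP Server and that the file is placed in the `data/` directory that holds `flood.db.php`.

```apacheconf
# data/.htaccess (assumed location: inside CuteNews' data directory)
# Deny all direct HTTP access to the flat-file database, including
# flood.db.php. CuteNews reads these files from disk, not over HTTP,
# so the application itself keeps working.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2 and earlier
    Order deny,allow
    Deny from all
</IfModule>
```

The server's `AllowOverride` setting must permit these directives for the file to take effect; once it does, a direct request for `/data/flood.db.php` should return 403 Forbidden.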