CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cutenews | Cutephp | 1.3.6 | 1.3.6 |
Cutenews | Cutephp | 1.3.2 | 1.3.2 |
Cutenews | Cutephp | 0.88 | 0.88 |
Cutenews | Cutephp | 1.3 | 1.3 |
Cutenews | Cutephp | * | 1.4.1 |
Cutenews | Cutephp | 1.4.0 | 1.4.0 |
Cutenews | Cutephp | 1.3.1 | 1.3.1 |