CVE-2005-3592

index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.

Date published : 2005-11-16

http://marc.info/?l=bugtraq&m=113140342029880&w=2

http://www.securityinfo.ru/2005/11/____cutenews_140.html