<<< Date Index >>>     <<< Thread Index >>>

Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability



philip anselmo ha scritto:
> Vulnerable Code:
> ***************
> require_once("$cutepath/inc/functions.inc.php");
> require_once("$cutepath/data/config.php");
>
> affected file: search.php & show_news.php & show_archives.php
> ----------------------------------------------------------------------
Please mark it as bogus.
$cutepath is defined some lines above:

$cutepath =  __FILE__;

Regards