CuteNews 1.3 - Debug Query Information Disclosure

Author: scrap
type: webapps
platform: php
port: 
date_added: 2003-12-01 
date_updated: 2012-12-16 
verified: 1 
codes: OSVDB-2880 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9130/info

An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function.

A malicious person could potentially use information harvested through the exploitation this type of issue to launch future attacks against a target system.

http://www.example.com/cutenews/index.php?debug