CuteNews show.inc.php Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality
CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the inc/show.inc.php script is directly requested, which will disclose the installation path resulting in a loss of confidentiality.
Upgrade to version 1.4.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.