Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated malicious users to execute arbitrary PHP code via unspecified vectors.
Cutephp Cutenews 2.0.1
8.8
CVSSv3
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
6.1
CVSSv3
CVE-2020-5557
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cutephp Cutenews 2.0.1
NA
CVE-2009-4249
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and ...
Cutephp Cutenews 1.4.6
2 EDB exploits
NA
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allow remote malicious users to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4...
Korn19 Utf-8 Cutenews 2
Korn19 Utf-8 Cutenews 3
Korn19 Utf-8 Cutenews 5
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 7
Korn19 Utf-8 Cutenews 4
Korn19 Utf-8 Cutenews
Korn19 Utf-8 Cutenews 6
2 EDB exploits
NA
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id paramet...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
1 EDB exploit
NA
CVE-2009-4172
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Korn19 Utf-8 Cutenews 8b
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4173
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the ed...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4175
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4113
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »