Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote malicious users to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Cutephp Cutenews
2 EDB exploits
4.4
CVSSv2
CVE-2005-1876
Direct code injection vulnerability in CuteNews 1.3.6 and previous versions allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
Cutephp Cutenews
7.5
CVSSv2
CVE-2004-1660
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and previous versions allows remote malicious users to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
Cutephp Cutenews
4.3
CVSSv2
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
Cutephp Cutenews 1.3.6
5
CVSSv2
CVE-2005-2394
show_news.php in CuteNews 1.3.6 allows remote malicious users to obtain the full path of the server via an invalid archive parameter.
Cutephp Cutenews 1.3.6
4.3
CVSSv2
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the result parameter.
Cutephp Cutenews 1.3.6
1 EDB exploit
2.6
CVSSv2
CVE-2009-4249
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and ...
Cutephp Cutenews 1.4.6
2 EDB exploits
3.5
CVSSv2
CVE-2009-4116
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) edi...
Cutephp Cutenews 1.4.6
7.5
CVSSv2
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
4.6
CVSSv2
CVE-2004-2615
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Cutephp Cutenews 1.3.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »