Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2004-1660
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and previous versions allows remote malicious users to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
Cutephp Cutenews
445
VMScore
CVE-2006-1339
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote malicious users to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter i...
Cutephp Cutenews
755
VMScore
CVE-2005-3010
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
Cutephp Cutenews
1 EDB exploit
312
VMScore
CVE-2009-4116
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) edi...
Cutephp Cutenews 1.4.6
435
VMScore
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote malicious users to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when t...
Cutephp Cutenews 1.4.1
1 EDB exploit
685
VMScore
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the query string to index.php.
Cutephp Cutenews 1.4.1
1 EDB exploit
668
VMScore
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
516
VMScore
CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
Cutephp Cutenews 2.6
383
VMScore
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
Cutephp Cutenews 1.3.6
445
VMScore
CVE-2005-2394
show_news.php in CuteNews 1.3.6 allows remote malicious users to obtain the full path of the server via an invalid archive parameter.
Cutephp Cutenews 1.3.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »