Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2009-4116
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) edi...
Cutephp Cutenews 1.4.6
2.6
CVSSv2
CVE-2009-4249
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and ...
Cutephp Cutenews 1.4.6
2 EDB exploits
6.8
CVSSv2
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the query string to index.php.
Cutephp Cutenews 1.4.1
1 EDB exploit
6.5
CVSSv2
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
4.3
CVSSv2
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote malicious users to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when t...
Cutephp Cutenews 1.4.1
1 EDB exploit
6.4
CVSSv2
CVE-2006-2250
CuteNews 1.4.1 allows remote malicious users to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
Cutephp Cutenews 1.4.1
4.3
CVSSv2
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the result parameter.
Cutephp Cutenews 1.3.6
1 EDB exploit
2.6
CVSSv2
CVE-2006-3661
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Cutephp Cutenews 1.4.5
7.5
CVSSv2
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
4.3
CVSSv2
CVE-2006-0885
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the show parameter.
Cutephp Cutenews 1.4.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »