Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated malicious users to execute arbitrary PHP code via unspecified vectors.
Cutephp Cutenews 2.0.1
4.3
CVSSv2
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the result parameter.
Cutephp Cutenews 1.3.6
1 EDB exploit
4.3
CVSSv2
CVE-2006-0885
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the show parameter.
Cutephp Cutenews 1.4.1
1 EDB exploit
4.3
CVSSv2
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote malicious users to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when t...
Cutephp Cutenews 1.4.1
1 EDB exploit
6.4
CVSSv2
CVE-2006-2250
CuteNews 1.4.1 allows remote malicious users to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
Cutephp Cutenews 1.4.1
2.6
CVSSv2
CVE-2006-3661
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Cutephp Cutenews 1.4.5
4.3
CVSSv2
CVE-2020-5557
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cutephp Cutenews 2.0.1
4.6
CVSSv2
CVE-2004-2615
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Cutephp Cutenews 1.3.6
7.5
CVSSv2
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
6.5
CVSSv2
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »