Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2006-3661
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Cutephp Cutenews 1.4.5
7.5
CVSSv2
CVE-2003-1240
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote malicious users to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
Cutephp Cutenews 0.88
3 EDB exploits
6.5
CVSSv2
CVE-2009-4113
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
6.8
CVSSv2
CVE-2009-4173
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the ed...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
6
CVSSv2
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id paramet...
Korn19 Utf-8 Cutenews 8
Cutephp Cutenews 1.4.6
1 EDB exploit
5
CVSSv2
CVE-2009-4175
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
2.6
CVSSv2
CVE-2009-4172
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Korn19 Utf-8 Cutenews 8
Korn19 Utf-8 Cutenews 8b
Cutephp Cutenews 1.4.6
2 EDB exploits
4.3
CVSSv2
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allow remote malicious users to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4...
Korn19 Utf-8 Cutenews 4
Korn19 Utf-8 Cutenews 3
Korn19 Utf-8 Cutenews 7
Korn19 Utf-8 Cutenews 6
Korn19 Utf-8 Cutenews 5
Korn19 Utf-8 Cutenews 2
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4