Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-0885
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the show parameter.
Cutephp Cutenews 1.4.1
1 EDB exploit
NA
CVE-2006-2250
CuteNews 1.4.1 allows remote malicious users to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
Cutephp Cutenews 1.4.1
NA
CVE-2004-2615
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Cutephp Cutenews 1.3.6
6.1
CVSSv3
CVE-2020-5557
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cutephp Cutenews 2.0.1
NA
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the result parameter.
Cutephp Cutenews 1.3.6
1 EDB exploit
NA
CVE-2006-3661
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Cutephp Cutenews 1.4.5
NA
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
Cutephp Cutenews 1.3.6
NA
CVE-2005-2394
show_news.php in CuteNews 1.3.6 allows remote malicious users to obtain the full path of the server via an invalid archive parameter.
Cutephp Cutenews 1.3.6
8.8
CVSSv3
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated malicious users to execute arbitrary PHP code via unspecified vectors.
Cutephp Cutenews 2.0.1
NA
CVE-2009-4115
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3...
Cutephp Cutenews 1.4.6
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »