Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
Cutephp Cutenews 2.6
NA
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the query string to index.php.
Cutephp Cutenews 1.4.1
1 EDB exploit
NA
CVE-2009-4173
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the ed...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id paramet...
Korn19 Utf-8 Cutenews 8
Cutephp Cutenews 1.4.6
1 EDB exploit
NA
CVE-2009-4113
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
NA
CVE-2009-4175
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4172
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Korn19 Utf-8 Cutenews 8
Korn19 Utf-8 Cutenews 8b
Cutephp Cutenews 1.4.6
2 EDB exploits
NA
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allow remote malicious users to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4...
Korn19 Utf-8 Cutenews 4
Korn19 Utf-8 Cutenews 3
Korn19 Utf-8 Cutenews 7
Korn19 Utf-8 Cutenews 6
Korn19 Utf-8 Cutenews 5
Korn19 Utf-8 Cutenews 2
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4