Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
NA
CVE-2004-2615
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Cutephp Cutenews 1.3.6
NA
CVE-2009-4173
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the ed...
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4174
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id paramet...
Korn19 Utf-8 Cutenews 8
Cutephp Cutenews 1.4.6
1 EDB exploit
NA
CVE-2009-4175
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
2 EDB exploits
NA
CVE-2009-4113
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews 8
NA
CVE-2009-4172
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Korn19 Utf-8 Cutenews 8
Korn19 Utf-8 Cutenews 8b
Cutephp Cutenews 1.4.6
2 EDB exploits
NA
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allow remote malicious users to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4...
Korn19 Utf-8 Cutenews 4
Korn19 Utf-8 Cutenews 3
Korn19 Utf-8 Cutenews 7
Korn19 Utf-8 Cutenews 6
Korn19 Utf-8 Cutenews 5
Korn19 Utf-8 Cutenews 2
Cutephp Cutenews 1.4.6
Korn19 Utf-8 Cutenews
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4