Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2005-3010
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
Cutephp Cutenews
1 EDB exploit
510
VMScore
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote malicious users to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Cutephp Cutenews
2 EDB exploits
392
VMScore
CVE-2005-1876
Direct code injection vulnerability in CuteNews 1.3.6 and previous versions allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
Cutephp Cutenews
435
VMScore
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote malicious users to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when t...
Cutephp Cutenews 1.4.1
1 EDB exploit
445
VMScore
CVE-2005-2394
show_news.php in CuteNews 1.3.6 allows remote malicious users to obtain the full path of the server via an invalid archive parameter.
Cutephp Cutenews 1.3.6
580
VMScore
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
1000
VMScore
CVE-2008-4557
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote malicious users to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
Cutephp Cutenews 1.1.1
1 EDB exploit
685
VMScore
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the query string to index.php.
Cutephp Cutenews 1.4.1
1 EDB exploit
765
VMScore
CVE-2003-1240
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote malicious users to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
Cutephp Cutenews 0.88
3 EDB exploits
801
VMScore
CVE-2020-5558
CuteNews 2.0.1 allows remote authenticated malicious users to execute arbitrary PHP code via unspecified vectors.
Cutephp Cutenews 2.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »