Published: 31/12/2003 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote malicious users to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cutephp cutenews 0.88

source: wwwsecurityfocuscom/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server If the remote file is a ...

source: wwwsecurityfocuscom/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server If the remote file i ...

source: wwwsecurityfocuscom/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server If the remote fil ...

CWE-94 http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html http://www.securityfocus.com/bid/6935 http://www.iss.net/security_center/static/11417.php https://nvd.nist.gov https://www.exploit-db.com/exploits/22283/

CVE-2003-1240

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect