4.6
CVSSv2

CVE-2005-1876

Published: 09/06/2005 Updated: 18/10/2016
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Direct code injection vulnerability in CuteNews 1.3.6 and previous versions allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

Affected Products

Vendor Product Versions
CutephpCutenews1.3.6