Direct code injection vulnerability in CuteNews 1.3.6 and previous versions allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cutephp cutenews |