Published: 02/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews prior to 8b allows remote malicious users to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cutephp cutenews 1.4.6
korn19 utf-8 cutenews 8

source: wwwsecurityfocuscom/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues Note that exploits for some of the issues may require administrator privilege Successfu ...

MorningStar Security - Advisory wwwmorningstarsecuritycom/ Multiple security issues in Cute News and UTF-8 Cute News 1 Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security issues in Cute News and UTF-8 Cute News Advisory ID ...

CWE-352 http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt http://www.securityfocus.com/bid/36971 https://exchange.xforce.ibmcloud.com/vulnerabilities/54240 http://www.securityfocus.com/archive/1/507782/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33344/

CVE-2009-4173

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect