Cutephp

Cutenews

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2020-5558

  • EPSS 1.98%
  • Veröffentlicht 25.03.2020 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:34:16

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

6.1

CVE-2020-5557

  • EPSS 0.31%
  • Veröffentlicht 25.03.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:34:16

Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

8.8

CVE-2019-11447

Exploit
  • EPSS 73.97%
  • Veröffentlicht 22.04.2019 11:29:06
  • Zuletzt bearbeitet 21.11.2024 04:21:05

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in ...

4.3

CVE-2009-4250

Exploit
  • EPSS 5.32%
  • Veröffentlicht 10.12.2009 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.ph...

2.6

CVE-2009-4249

Exploit
  • EPSS 3.42%
  • Veröffentlicht 10.12.2009 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod param...

2.6

CVE-2009-4172

Exploit
  • EPSS 0.82%
  • Veröffentlicht 02.12.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnew...

6.8

CVE-2009-4173

Exploit
  • EPSS 0.16%
  • Veröffentlicht 02.12.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an ad...

6

CVE-2009-4174

Exploit
  • EPSS 1.09%
  • Veröffentlicht 02.12.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articl...

5

CVE-2009-4175

Exploit
  • EPSS 1.75%
  • Veröffentlicht 02.12.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.

3.5

CVE-2009-4116

Exploit
  • EPSS 0.66%
  • Veröffentlicht 30.11.2009 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source para...