Cutephp

Cutenews

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2009-4115

Exploit
  • EPSS 0.82%
  • Veröffentlicht 30.11.2009 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category ...

6.5

CVE-2009-4113

Exploit
  • EPSS 0.48%
  • Veröffentlicht 30.11.2009 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php vi...

10

CVE-2008-4557

  • EPSS 8.28%
  • Veröffentlicht 14.10.2008 22:36:58
  • Zuletzt bearbeitet 09.04.2025 00:30:58

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.

5.8

CVE-2007-6662

  • EPSS 0.09%
  • Veröffentlicht 04.01.2008 11:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.

7.5

CVE-2007-1153

  • EPSS 0.54%
  • Veröffentlicht 02.03.2007 21:18:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

4.3

CVE-2006-6300

Exploit
  • EPSS 0.42%
  • Veröffentlicht 05.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.

7.5

CVE-2006-4445

  • EPSS 1.51%
  • Veröffentlicht 29.08.2006 23:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identifie...

2.6

CVE-2006-3661

  • EPSS 0.3%
  • Veröffentlicht 18.07.2006 15:47:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third part...

6.4

CVE-2006-2250

  • EPSS 0.48%
  • Veröffentlicht 09.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.

4.3

CVE-2006-2249

Exploit
  • EPSS 9.89%
  • Veröffentlicht 09.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.