CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4445

Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html
http://www.attrition.org/pipermail/vim/2006-August/001000.html
http://www.osvdb.org/29842
http://www.securityfocus.com/archive/1/444385/100/0/threaded
http://www.securityfocus.com/archive/1/444733/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28582
http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html
http://www.attrition.org/pipermail/vim/2006-August/001000.html
http://www.osvdb.org/29842
http://www.securityfocus.com/archive/1/444385/100/0/threaded
http://www.securityfocus.com/archive/1/444733/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28582

Products affected by CVE-2006-4445

Cutephp » Cutenews » Version: 1.3

cpe:2.3:a:cutephp:cutenews:1.3
Cutephp » Cutenews » Version: 1.3.1

cpe:2.3:a:cutephp:cutenews:1.3.1
Cutephp » Cutenews » Version: 1.3.2

cpe:2.3:a:cutephp:cutenews:1.3.2
Cutephp » Cutenews » Version: 1.3.6

cpe:2.3:a:cutephp:cutenews:1.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4445

Products

Pricing

Contact Us