Shodan
Vulnerabilities
Vulnerable Software
Cutephp:  >> Cutenews  Security Vulnerabilities
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-04-20
CVE-2006-1339
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request.
CVSS Score
5.0
EPSS Score
0.019
Published
2006-03-21
CVE-2006-1340
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-03-21
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
CVSS Score
6.8
EPSS Score
0.07
Published
2006-03-09
CVE-2006-0885
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2006-02-25
CVE-2005-3592
index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-11-16
CVE-2005-3507
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
CVSS Score
5.0
EPSS Score
0.058
Published
2005-11-06
CVE-2005-3009
Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-09-21
CVE-2005-3010
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
CVSS Score
7.5
EPSS Score
0.024
Published
2005-09-21
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved