Lucene search

[email protected]CVE-2004-2615

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2615

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cutenews

security

vulnerability

local user

false news

privileges

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.

CPENameOperatorVersion
cutephp:cutenewscutephp cutenewseq1.3.6

CPE	Name	Operator	Version
cutephp:cutenews	cutephp cutenews	eq	1.3.6

References

archives.neohapsis.com/archives/bugtraq/2004-08/0396.html

securitytracker.com/id?1011099

www.osvdb.org/9385

exchange.xforce.ibmcloud.com/vulnerabilities/17161

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2004-2615

cvelist1