Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

sadnews CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concept POC...

CuteNews 2.1.2 - Authenticated Arbitrary File Upload

Exploit Title: CuteNews 2.1.2 - Authenticated Arbitrary File Upload Date: 2020-05-12 Author: Vigov5 - SunCSR Team Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Tested on: Ubuntu 18.04 / Kali Linux Description:...

CuteNews 2.1.2 - Authenticated Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: CuteNews 2.1.2 - Authenticated Arbitrary File Upload Author: Vigov5 - SunCSR Team Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Tested on: Ubuntu 18.04 / Kali...

CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...

Design/Logic Flaw

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...

CVE-2019-11447

CVE-2019-11447 affects CuteNews 2.1.2 (CutePHP CuteNews). The vulnerability allows remote code execution via the avatar upload process: an attacker can place a crafted file in avatar_file for index.php?mod=main&opt=personal, exploiting insufficient validation of image size ($imgsize) in /core/mod...

CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...

CuteNews 2.1.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in CuteNews prior to...

CuteNews 2.1.2 - avatar Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in CuteNews prior to...