CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a...

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

sadnews CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concept POC...

CuteNews 2.1.2 Shell Upload Exploit

CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019. ! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh...

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

CVE-2019-11447 Exploit/PoC - CuteNews 2.1.2 Avatar upload RCE...

CuteNews 2.1.2 Shell Upload

! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh Date: 2021-03-17 Vendor Homepage: https://cutephp.com/ Software Link: https://cutephp.com/click.php?cutenewslatest Version: 2.1.2 CVE: CVE-2019-11447 CVE Reference:...

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

CVE-2019-11447-EXP CuteNews Avatar 2.1.2 Remote Code Executio...

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

CVE-2019-11447 - PoC Exploits CuteNews 2.1.2 via poor file up...

CutePHP Cutenews Remote Code Execution (CVE-2019-11447)

A remote code execution vulnerability exists in CutePHP CuteNews. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CuteNews 2.1.2 Remote Code Execution

Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...

livedronenews.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1026695 Security Researcher g0bl1nsec Helped patch 3766 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting livedronenews.com website...

CVE-2019-11447

CVE-2019-11447 affects CuteNews 2.1.2 (CutePHP CuteNews). The vulnerability allows remote code execution via the avatar upload process: an attacker can place a crafted file in avatar_file for index.php?mod=main&opt=personal, exploiting insufficient validation of image size ($imgsize) in /core/mod...

CVE-2019-11447

creationtimestamp| type| source ---|---|--- 2019-04-15 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46698 2020-09-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48800 2024-11-14 06:07:03+00:00| seen| MISP/e0a2986c-7c54-4933-95c6-841854d50e7f...