Code injection

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the 1 category and 2 Icon URL fields; or 3 inject arbitrary PHP...

CuteNews 1.4.1 - categories.mdu Remote Command Execution

CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...