Cutenews@1.3.6 Security Vulnerabilities and Issues — Cutenews@1.3.6 CVE List

Lucene search

CutephpCutenews1.3.6

6 matches found

CVE•added 2005/02/20 5:0 a.m.•56 views

CVE-2004-1659

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

4.3CVSS5.7AI score0.00655EPSS

CVE•added 2005/02/20 5:0 a.m.•44 views

CVE-2004-1573

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

7.2CVSS7.8AI score0.00036EPSS

CVE•added 2005/07/27 4:0 a.m.•38 views

CVE-2005-2393

Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.

4.3CVSS5.7AI score0.00351EPSS

CVE•added 2005/07/27 4:0 a.m.•38 views

CVE-2005-2394

show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter.

5CVSS7AI score0.00409EPSS

CVE•added 2005/09/21 8:3 p.m.•33 views

CVE-2005-3009

Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.

4.3CVSS6AI score0.00335EPSS

CVE•added 2005/12/04 11:0 a.m.•31 views

CVE-2004-2615

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.

4.6CVSS7AI score0.00051EPSS