Remote File Inclusion Vulnerabilities in CuteNews 1.3.x by CuteNews
CVE-2006-4445

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 29 August 2006

What is CVE-2006-4445?

CuteNews versions 1.3.x are susceptible to multiple PHP remote file inclusion vulnerabilities that allow attackers to execute arbitrary PHP code. Exploitation can occur through a maliciously crafted URL in the cutepath parameter in the show_news.php and search.php files, posing a risk to web applications utilizing this software. While analyses have not conclusively identified scenarios leading to successful remote file inclusion, it is critical for users to remain vigilant and update to secure versions.

References

http://www.securityfocus.com/archive/1/444733/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/29842

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/28582

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2006
Vulnerability Reserved
Aug 29, 2006

CutePHP

What is CVE-2006-4445?

References

Timeline