Static Code Injection Vulnerability in CutePHP CuteNews by CutePHP
CVE-2009-4113

Currently unrated

Key Information:

Vendor

CutePHP

Status
Cutenews
Utf-8 Cutenews
Vendor
CVE Published:
30 November 2009

What is CVE-2009-4113?

The Categories module in CutePHP's CuteNews versions 1.4.6 and earlier UTF-8 releases prior to version 8b, contains a static code injection flaw. This vulnerability allows remote authenticated users with administrative rights to insert arbitrary PHP code through the Category Access field, potentially compromising the application's integrity. The injection occurs via the data/category.db.php file, making it crucial for users to update their installations and implement security measures to prevent unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54243
vdb-entryx_refsource_XF
http://www.morningstarsecurity.com/advisories/MORNINGSTAR...
x_refsource_MISC
http://www.securityfocus.com/archive/1/507782/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.