Static Code Injection Vulnerability in CutePHP CuteNews by CutePHP
CVE-2009-4113

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews; Utf-8 Cutenews
Vendor: CVE Published:; 30 November 2009

What is CVE-2009-4113?

The Categories module in CutePHP's CuteNews versions 1.4.6 and earlier UTF-8 releases prior to version 8b, contains a static code injection flaw. This vulnerability allows remote authenticated users with administrative rights to insert arbitrary PHP code through the Category Access field, potentially compromising the application's integrity. The injection occurs via the data/category.db.php file, making it crucial for users to update their installations and implement security measures to prevent unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54243

vdb-entryx_refsource_XF

http://www.morningstarsecurity.com/advisories/MORNINGSTAR...

x_refsource_MISC

http://www.securityfocus.com/archive/1/507782/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2009
Vulnerability Reserved
Nov 30, 2009