Static Code Injection Vulnerabilities in CutePHP CuteNews by Morningstar Security
CVE-2009-4115

Currently unrated

Key Information:

Vendor: CutePHP

Status
Vendor
CVE Published: 30 November 2009

What is CVE-2009-4115?

Multiple static code injection vulnerabilities exist in the Categories module of CutePHP CuteNews version 1.4.6. They allow remote authenticated users with administrative privileges to inject arbitrary PHP code into critical files, such as data/category.db.php, through the category and Icon URL fields. Arbitrary PHP code can also be injected into data/ipban.php via the add_ip parameter. These flaws could allow attackers to execute malicious code on the server, potentially compromising the integrity and availability of the application.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
