Static Code Injection Vulnerabilities in CutePHP CuteNews by Morningstar Security
CVE-2009-4115

Currently unrated

Key Information:

Vendor: CutePHP

CVE Published: 30 November 2009

What is CVE-2009-4115?

Multiple static code injection vulnerabilities exist in the Categories module of CutePHP CuteNews version 1.4.6. They allow remote authenticated users with administrative privileges to inject arbitrary PHP code into critical files, such as data/category.db.php, through the category and Icon URL fields. Arbitrary PHP code can also be injected into data/ipban.php via the add_ip parameter. These flaws could allow attackers to execute malicious code on the server, potentially compromising the integrity and availability of the application.
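
A defensive sketch of allow-list validation for the three inputs named above, applied before anything is written to a data file. This is an added example, not CuteNews code: the function names, length limits and sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not CuteNews code. Function names and the
// sample inputs are constructed for this sketch.

// add_ip: accept only a syntactically valid IPv4/IPv6 literal.
function clean_ban_ip(string $raw): ?string
{
    $ip = trim($raw);
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : null;
}

// category: allow-list of letters, digits, space, underscore, hyphen.
function clean_category_name(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $name) === 1 ? $name : null;
}

// Icon URL: optional; must be http(s) and free of tag or control characters.
function clean_icon_url(string $raw): ?string
{
    $url = trim($raw);
    if ($url === '') {
        return '';
    }
    if (preg_match('/[<>\x00-\x20]/', $url) === 1) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Constructed inputs: one well-formed and one carrying a PHP open tag per field.
$samples = [
    ['clean_ban_ip',        '203.0.113.7'],
    ['clean_ban_ip',        '203.0.113.7<?php echo 1;'],
    ['clean_category_name', 'Site News'],
    ['clean_category_name', 'News<?php echo 1;'],
    ['clean_icon_url',      'https://example.org/icons/news.png'],
    ['clean_icon_url',      'https://example.org/a.png?<?php echo 1;'],
];
foreach ($samples as [$fn, $input]) {
    $result = $fn($input);
    printf("%-20s %-42s => %s\n", $fn, $input, $result === null ? 'REJECTED' : 'accepted');
}
```

Validation narrows what each field can carry; keeping such data in files the web server never executes as PHP removes the injection sink itself.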

