Directory Traversal Vulnerabilities in CutePHP CuteNews Affecting User Access
CVE-2009-4116

Currently unrated

Key Information:

Vendor

CutePHP

Status
Cutenews
Vendor
CVE Published:
30 November 2009

What is CVE-2009-4116?

Multiple directory traversal vulnerabilities exist in CutePHP CuteNews version 1.4.6, particularly when magic_quotes_gpc is disabled. These flaws enable authenticated users with editor or administrative access to read arbitrary files by exploiting the source parameter through the list and editnews actions within the Editnews module. Additionally, attackers may leverage the save_con[skin] parameter in the Options module to include and execute local files, posing a significant risk of remote code execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54246
vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/54244
vdb-entryx_refsource_XF
http://www.morningstarsecurity.com/advisories/MORNINGSTAR...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.