Cross-Site Request Forgery Vulnerability in CutePHP CuteNews by CutePHP
CVE-2009-4173

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews; Utf-8 Cutenews
Vendor: CVE Published:; 2 December 2009

What is CVE-2009-4173?

A Cross-Site Request Forgery (CSRF) vulnerability exists in CutePHP CuteNews versions 1.4.6 and earlier versions of UTF-8 CuteNews, which permits remote attackers to exploit the authentication of administrators. This can be accomplished by crafting a malicious request that targets the adduser action within the editusers module of index.php, potentially allowing unauthorized users to create new accounts, including administrative ones. This vulnerability could lead to significant security issues if exploited, making it essential for users to apply security measures.

References

http://www.morningstarsecurity.com/advisories/MORNINGSTAR...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/54240

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/507782/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2009
Vulnerability Reserved
Dec 2, 2009