Cutephp CuteNews 1.3/1.3.1/1.3.2/1.3.6 show_news.php cutepath file inclusion

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in Cutephp CuteNews 1.3/1.3.1/1.3.2/1.3.6 (Content Management System). This affects an unknown part of the file show_news.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field03/12/2015 03:51 PM08/14/2018 08:28 AM
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore7.57.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_meta_basescore7.37.3
cvss3_meta_tempscore7.37.3
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.37.3
date1156484931 (08/25/2006)1156484931 (08/25/2006)
disputed11
price_0day$0-$5k$0-$5k
cveCVE-2006-4445CVE-2006-4445
cve_nvd_published11568096001156809600
cve_nvd_summary** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.
osvdb2984229842
osvdb_create11612370181161237018
osvdb_titleCuteNews Multiple Script cutepath Parameter Remote File InclusionCuteNews Multiple Script cutepath Parameter Remote File Inclusion
xforce2858228582
cwe73 (privilege escalation)73 (privilege escalation)
cvss3_vuldb_uiNN
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
typeContent Management SystemContent Management System
vendorCutephpCutephp
nameCuteNewsCuteNews
version1.3/1.3.1/1.3.2/1.3.61.3/1.3.1/1.3.2/1.3.6
fileshow_news.phpshow_news.php
argumentcutepathcutepath
risk22
urlhttp://www.securityfocus.com/archive/1/archive/1/444385/100/0/threaded
cve_assigned1156809600

Do you want to use VulDB in your project?

Use the official API to access entries easily!