Cutephp CuteNews 1.3/1.3.1/1.3.2/1.3.6 show_news.php cutepath privilege escalation

A vulnerability rated critical has been found in Cutephp CuteNews 1.3/1.3.1/1.3.2/1.3.6 (Content Management System). An unknown function of the file show_news.php is affected. Information about a possible countermeasure is not currently available. It is suggested to replace the product with an equivalent one.

| Field | 12/03/2015 15:51 | 14/08/2018 08:28 |
|---|---|---|
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 7.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| date | 1156484931 (25/08/2006) | 1156484931 (25/08/2006) |
| disputed | 1 | 1 |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2006-4445 | CVE-2006-4445 |
| cve_nvd_published | 1156809600 | 1156809600 |
| cve_nvd_summary | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion. | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion. |
| osvdb | 29842 | 29842 |
| osvdb_create | 1161237018 | 1161237018 |
| osvdb_title | CuteNews Multiple Script cutepath Parameter Remote File Inclusion | CuteNews Multiple Script cutepath Parameter Remote File Inclusion |
| xforce | 28582 | 28582 |
| cwe | 73 (privilege escalation) | 73 (privilege escalation) |
| cvss3_vuldb_ui | N | N |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| type | Content Management System | Content Management System |
| vendor | Cutephp | Cutephp |
| name | CuteNews | CuteNews |
| version | 1.3/1.3.1/1.3.2/1.3.6 | 1.3/1.3.1/1.3.2/1.3.6 |
| file | show_news.php | show_news.php |
| argument | cutepath | cutepath |
| risk | 2 | 2 |

url: http://www.securityfocus.com/archive/1/archive/1/444385/100/0/threaded
cve_assigned: 1156809600
