CVE-2009-4174
Published 2009-12-02
Priority: P4 (32)
CVSS 2.0: 6 (medium), AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.65% (73.5th percentile)
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cutephp | cutenews | — | — |
| korn19 | utf-8_cutenews | — | — |
No detection rules found.
No writeups or analysis indexed.
http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt
http://www.securityfocus.com/archive/1/507782/100/0/threaded
http://www.securityfocus.com/bid/36971
https://exchange.xforce.ibmcloud.com/vulnerabilities/54236