cbcvebase.

Korn19 Utf-8 Cutenews vulnerabilities

6 known vulnerabilities affecting korn19/utf-8_cutenews.

Total CVEs
6
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
MEDIUM5LOW1

Vulnerabilities

Page 1 of 1
CVE-2009-4174P4MEDIUMCVSS 6.0PoCv82009-12-02
CVE-2009-4174 [MEDIUM] CWE-264 CVE-2009-4174: The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
nvd
CVE-2009-4173P4MEDIUMCVSS 6.8PoCv82009-12-02
CVE-2009-4173 [MEDIUM] CWE-352 CVE-2009-4173: Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
nvd
CVE-2009-4250P4MEDIUMCVSS 4.3PoC≤ 8v2+5 more2009-12-10
CVE-2009-4250 [MEDIUM] CWE-79 CVE-2009-4250: Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews bef Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_pa
nvd
CVE-2009-4175P4MEDIUMCVSS 5.0PoCv82009-12-02
CVE-2009-4175 [MEDIUM] CWE-200 CVE-2009-4175: CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive info CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
nvd
CVE-2009-4172P4LOWCVSS 2.6PoCv8v8b2009-12-02
CVE-2009-4172 [LOW] CWE-79 CVE-2009-4172: Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
nvd
CVE-2009-4113P4MEDIUMCVSS 6.5v82009-11-30
CVE-2009-4113 [MEDIUM] CWE-94 CVE-2009-4113: Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 Cut Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
nvd
Korn19 Utf-8 Cutenews vulnerabilities | cvebase