Korn19 Utf-8 Cutenews vulnerabilities
6 known vulnerabilities affecting korn19/utf-8_cutenews.
Total CVEs
6
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
MEDIUM5LOW1
Vulnerabilities
Page 1 of 1
CVE-2009-4174P4MEDIUMCVSS 6.0PoCv82009-12-02
CVE-2009-4174 [MEDIUM] CWE-264 CVE-2009-4174: The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
nvd
CVE-2009-4173P4MEDIUMCVSS 6.8PoCv82009-12-02
CVE-2009-4173 [MEDIUM] CWE-352 CVE-2009-4173: Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
nvd
CVE-2009-4250P4MEDIUMCVSS 4.3PoC≤ 8v2+5 more2009-12-10
CVE-2009-4250 [MEDIUM] CWE-79 CVE-2009-4250: Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews bef
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_pa
nvd
CVE-2009-4175P4MEDIUMCVSS 5.0PoCv82009-12-02
CVE-2009-4175 [MEDIUM] CWE-200 CVE-2009-4175: CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive info
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
nvd
CVE-2009-4172P4LOWCVSS 2.6PoCv8v8b2009-12-02
CVE-2009-4172 [LOW] CWE-79 CVE-2009-4172: Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
nvd
CVE-2009-4113P4MEDIUMCVSS 6.5v82009-11-30
CVE-2009-4113 [MEDIUM] CWE-94 CVE-2009-4113: Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 Cut
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
nvd