PT-2003-2185 · Cutenews · Cutenews
Publicado
2003-12-31
·
Atualizado
2008-09-05
·
CVE-2003-1240
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CuteNews version 0.88
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
cutepath parameter in files such as "shownews.php", "search.php", or "comments.php".Recommendations
For CuteNews version 0.88, consider restricting access to the
cutepath parameter in the affected files until a patch is available. Avoid using the cutepath parameter in the API endpoints "shownews.php", "search.php", or "comments.php" to minimize the risk of exploitation.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cutenews