Vulnerabilities > CVE-2004-2615 - Unspecified vulnerability in Cutephp Cutenews 1.3.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-08/0396.html
- http://archives.neohapsis.com/archives/bugtraq/2004-08/0396.html
- http://securitytracker.com/id?1011099
- http://securitytracker.com/id?1011099
- http://www.osvdb.org/9385
- http://www.osvdb.org/9385
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17161