Vulnerabilities > CVE-2004-2615 - Local Security vulnerability in Cutephp Cutenews 1.3.6
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |