Vulnerabilities > CVE-2004-2615 - Local Security vulnerability in Cutephp Cutenews 1.3.6

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

cutephp

NVD

Published: 2004-12-31

Updated: 2017-07-20

Summary

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.

Vulnerable Configurations

Part	Description	Count
Application	Cutephp Cutephp Cutenews 1.3.6	1

References

http://archives.neohapsis.com/archives/bugtraq/2004-08/0396.html
http://securitytracker.com/id?1011099
http://www.osvdb.org/9385
https://exchange.xforce.ibmcloud.com/vulnerabilities/17161