Vulnerabilities > CVE-2006-1925 - Unspecified vulnerability in Cutephp Cutenews 1.4.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cutephp
exploit available
NVD
Published: 2006-04-20
Updated: 2024-11-21

Summary

Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.

Vulnerable Configurations

Part Description Count
Application
Cutephp
1

Exploit-Db

descriptionCutePHP CuteNews 1.4.1 Editnews Module Cross-Site Scripting Vulnerability. CVE-2006-1925. Webapps exploit for php platform
idEDB-ID:27676
last seen2016-02-03
modified2006-04-19
published2006-04-19
reporterLoK-Crew
sourcehttps://www.exploit-db.com/download/27676/
titleCutePHP CuteNews 1.4.1 Editnews Module Cross-Site Scripting Vulnerability

References