Vulnerabilities > CVE-2006-1925 - Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | CutePHP CuteNews 1.4.1 Editnews Module Cross-Site Scripting Vulnerability. CVE-2006-1925. Webapps exploit for php platform |
| id | EDB-ID:27676 |
| last seen | 2016-02-03 |
| modified | 2006-04-19 |
| published | 2006-04-19 |
| reporter | LoK-Crew |
| source | https://www.exploit-db.com/download/27676/ |
| title | CutePHP CuteNews 1.4.1 Editnews Module Cross-Site Scripting Vulnerability |