Vulnerabilities > CVE-2006-4445 - Unspecified vulnerability in Cutephp Cutenews

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cutephp

NVD

Published: 2006-08-29

Updated: 2024-11-21

Summary

Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion

Vulnerable Configurations

Part	Description	Count
Application	Cutephp Cutephp Cutenews 1.3.6 Cutephp Cutenews 1.3.2 Cutephp Cutenews 1.3 Cutephp Cutenews 1.3.1	4

References

http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html
http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html
http://www.attrition.org/pipermail/vim/2006-August/001000.html
http://www.attrition.org/pipermail/vim/2006-August/001000.html
http://www.osvdb.org/29842
http://www.osvdb.org/29842
http://www.securityfocus.com/archive/1/444385/100/0/threaded
http://www.securityfocus.com/archive/1/444385/100/0/threaded
http://www.securityfocus.com/archive/1/444733/100/0/threaded
http://www.securityfocus.com/archive/1/444733/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28582
https://exchange.xforce.ibmcloud.com/vulnerabilities/28582