header-logo
Suggest Exploit
vendor:
CuteNews
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple Vulnerabilities
79, 200, 264, 287, 352
CWE
Product Name: CuteNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

CuteNews and UTF-8 CuteNews Multiple Vulnerabilities

CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Exploits for some of the issues may require administrator privilege. Successful exploits may allow attackers to obtain sensitive information, gain unauthorized access to the affected application, run arbitrary script code in the browser of an unsuspecting user in the context of the affected site, hijack user sessions, and execute arbitrary commands in the context of the webserver process.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36971/info
    
CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues.
    
Note that exploits for some of the issues may require administrator privilege.
    
Successful exploits may allow attackers to:
- obtain sensitive information
- gain unauthorized access to the affected application
- run arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- hijack user sessions
- execute arbitrary commands in the context of the webserver process
    
A successful attack will compromise the application and may aid in further attacks. 

http://www.example.com/test/cutenews/index.php?mod=addnews&action=addnews

Navigation

Suggest Exploit

Services By CQR