Every CVE whose affected-product data names Cutephp Cutenews, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2008-4557 — CVSS 10.0 (critical): plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code…
CVE-2020-5558 — CVSS 8.8 (high): CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2019-11447 — CVSS 8.8 (high): An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile…
CVE-2003-1240 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath…
CVE-2004-1660 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the…
CVE-2005-3010 — CVSS 7.5 (high): Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote…
CVE-2006-4445 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2004-1573 — CVSS 7.2 (high): The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute…
CVE-2004-0660 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows…
CVE-2006-1121 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query…
CVE-2009-4173 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack…
CVE-2009-4115 — CVSS 6.5 (medium): Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with…
CVE-2009-4113 — CVSS 6.5 (medium): Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote…
CVE-2006-2250 — CVSS 6.4 (medium): CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2)…
CVE-2020-5557 — CVSS 6.1 (medium): Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4174 — CVSS 6.0 (medium): The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated…
CVE-2007-6662 — CVSS 5.8 (medium): Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the…
CVE-2005-2394 — CVSS 5.0 (medium): show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter.
CVE-2005-3507 — CVSS 5.0 (medium): Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges…
CVE-2005-3592 — CVSS 5.0 (medium): index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering…
CVE-2006-1339 — CVSS 5.0 (medium): Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled…
CVE-2006-1340 — CVSS 5.0 (medium): CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an…
CVE-2009-4175 — CVSS 5.0 (medium): CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in…
CVE-2004-2615 — CVSS 4.6 (medium): The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given…
CVE-2005-1876 — CVSS 4.5 (medium): Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute…
CVE-2006-2249 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers…
CVE-2006-1925 — CVSS 4.3 (medium): Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read…
CVE-2006-0885 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-3009 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter…
CVE-2005-2393 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the…
CVE-2006-6300 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result…
CVE-2004-1659 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor…
CVE-2009-4250 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject…
CVE-2009-4116 — CVSS 3.5 (low): Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users…
CVE-2006-3661 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2009-4172 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is…
CVE-2009-4249 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is…