exploitDog

CVE-2005-1876

Опубликовано: 09 июн. 2005

Источник: nvd

CVSS3: 4.5

CVSS2: 4.4

EPSS Низкий

Описание

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

Ссылки

http://marc.info/?l=bugtraq&m=111773528322711&w=2
Third Party Advisory
http://secunia.com/advisories/15594
Broken Link
http://www.osvdb.org/17030
Broken Link
http://marc.info/?l=bugtraq&m=111773528322711&w=2
Third Party Advisory
http://secunia.com/advisories/15594
Broken Link
http://www.osvdb.org/17030
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cutephp:cutenews:*:*:*:*:*:*:*:*

Версия до 1.3.6 (включая)

EPSS

Процентиль: 72%

0.0074

Низкий

4.5 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-94

CWE-94

Связанные уязвимости

GHSA-g2w2-352j-xq39

CVSS3: 4.5

github

почти 4 года назад

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

EPSS

Процентиль: 72%

0.0074

Низкий

4.5 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-94

CWE-94