Описание
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cutephp:cutenews:1.4.6:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00816
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.
EPSS
Процентиль: 74%
0.00816
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94