CVE-2003-1240

Cutephp Cutenews - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Over_G · textwebappsphp

https://www.exploit-db.com/exploits/22283

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Over_G · textwebappsphp

https://www.exploit-db.com/exploits/22284

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Over_G · textwebappsphp

https://www.exploit-db.com/exploits/22285

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/11417.php

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6935

Scores

EPSS 0.0133

EPSS Percentile 80.0%

Details

CWE

CWE-94

Status published

Products (1)

cutephp/cutenews 0.88

Published Dec 31, 2003

Tracked Since Feb 18, 2026