CVE-2005-1876

MEDIUM

Cutephp Cutenews < 1.3.6 - Code Injection

Title source: rule

Description

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

References (3)

[Third Party Advisory] http://marc.info/?l=bugtraq&m=111773528322711&w=2

[Broken Link] http://secunia.com/advisories/15594

[Broken Link] http://www.osvdb.org/17030

Scores

CVSS v3 4.5

EPSS 0.0077

EPSS Percentile 73.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-94

Status draft

Affected Products (1)

cutephp/cutenews < 1.3.6

Timeline

Published Jun 09, 2005

Tracked Since Feb 18, 2026