CVE-2009-4173

CutePHP CuteNews <8b - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Andrew Horton · textwebappsphp
https://www.exploit-db.com/exploits/33344
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/10002

References (4)

Scores

EPSS 0.0016
EPSS Percentile 36.5%

Details

CWE
CWE-352
Status published
Products (2)
cutephp/cutenews 1.4.6
korn19/utf-8_cutenews 8
Published Dec 02, 2009
Tracked Since Feb 18, 2026