CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1660

HIGH
7.5
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile43.85th
PublishedAug 30, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.

Affected Platforms (CPE)

πŸ“¦
Cutephp

Cutenews

<= 1.3.6

References & Advisories

πŸ”— http://seclists.org/lists/bugtraq/2004/Sep/0014.html
πŸ”— http://secunia.com/advisories/12432
πŸ”— http://www.7a69ezine.org/node/view/130
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17288
πŸ”— http://seclists.org/lists/bugtraq/2004/Sep/0014.html
πŸ”— http://secunia.com/advisories/12432
πŸ”— http://www.7a69ezine.org/node/view/130
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17288

Related Vulnerabilities

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2003-12407.5

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cu...

CVE-2005-30107.5

Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allo...