CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1240

HIGH
7.5
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile23.05th
PublishedDec 31, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

Affected Platforms (CPE)

πŸ“¦
Cutephp

Cutenews

= 0.88

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html
πŸ”— http://www.iss.net/security_center/static/11417.php
πŸ”— http://www.securityfocus.com/bid/6935
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html
πŸ”— http://www.iss.net/security_center/static/11417.php
πŸ”— http://www.securityfocus.com/bid/6935

Related Vulnerabilities

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2004-16607.5

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via th...

CVE-2005-30107.5

Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allo...