CyberSec.Space Logo
Back to CVE Browser

CVE-2005-3010

HIGH
7.5
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile37.28th
PublishedSep 21, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.

Affected Platforms (CPE)

πŸ“¦
Cutephp

Cutenews

<= 1.4.0

References & Advisories

πŸ”— http://securityreason.com/securityalert/14
πŸ”— http://www.securityfocus.com/archive/1/411057
πŸ”— http://www.securityfocus.com/bid/14869
πŸ”— http://securityreason.com/securityalert/14
πŸ”— http://www.securityfocus.com/archive/1/411057
πŸ”— http://www.securityfocus.com/bid/14869

Related Vulnerabilities

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2003-12407.5

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cu...

CVE-2004-16607.5

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via th...

CVE-2005-3010 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space