CyberSec.Space Logo
CVEブラウザに戻る

CVE-2003-1240

HIGH
7.5
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile23.05th
Published2003年12月31日
Last Modified2026年4月16日

Vulnerability Description

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

Affected Platforms (CPE)

📦
Cutephp

Cutenews

= 0.88

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html
🔗 http://www.iss.net/security_center/static/11417.php
🔗 http://www.securityfocus.com/bid/6935
🔗 http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html
🔗 http://www.iss.net/security_center/static/11417.php
🔗 http://www.securityfocus.com/bid/6935

関連する脆弱性情報

CVE-2019-114478.8

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the ...

CVE-2020-55588.8

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

CVE-2004-16607.5

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via th...

CVE-2005-30107.5

Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allo...