Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

12 vulnerabilities found for utf-8_cutenews by korn19

CVE-2009-4250 (GCVE-0-2009-4250)

Vulnerability from nvd – Published: 2009-12-10 00:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-title-xss(54237)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
          },
          {
            "name": "cutenews-newscomments-xss(54224)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
          },
          {
            "name": "cutenews-search-xss(54222)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
          },
          {
            "name": "cutenews-register-xss(54221)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "cutenews-editnews-xss(54223)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.  NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-title-xss(54237)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
        },
        {
          "name": "cutenews-newscomments-xss(54224)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
        },
        {
          "name": "cutenews-search-xss(54222)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
        },
        {
          "name": "cutenews-register-xss(54221)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "cutenews-editnews-xss(54223)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.  NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-title-xss(54237)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
            },
            {
              "name": "cutenews-newscomments-xss(54224)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
            },
            {
              "name": "cutenews-search-xss(54222)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
            },
            {
              "name": "cutenews-register-xss(54221)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "cutenews-editnews-xss(54223)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4250",
    "datePublished": "2009-12-10T00:00:00.000Z",
    "dateReserved": "2009-12-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:10.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4175 (GCVE-0-2009-4175)

Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-search-path-disclosure(54235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-search-path-disclosure(54235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-search-path-disclosure(54235)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4175",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4174 (GCVE-0-2009-4174)

Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-articles-security-bypass(54236)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-articles-security-bypass(54236)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-articles-security-bypass(54236)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4174",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4173 (GCVE-0-2009-4173)

Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "cutenews-index-csrf(54240)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "cutenews-index-csrf(54240)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "cutenews-index-csrf(54240)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4173",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4172 (GCVE-0-2009-4172)

Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-newsarticles-xss(54225)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-newsarticles-xss(54225)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-newsarticles-xss(54225)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4172",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4113 (GCVE-0-2009-4113)

Vulnerability from nvd – Published: 2009-11-30 21:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-categories-code-execution(54243)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-categories-code-execution(54243)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-categories-code-execution(54243)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4113",
    "datePublished": "2009-11-30T21:00:00.000Z",
    "dateReserved": "2009-11-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4250 (GCVE-0-2009-4250)

Vulnerability from cvelistv5 – Published: 2009-12-10 00:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-title-xss(54237)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
          },
          {
            "name": "cutenews-newscomments-xss(54224)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
          },
          {
            "name": "cutenews-search-xss(54222)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
          },
          {
            "name": "cutenews-register-xss(54221)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "cutenews-editnews-xss(54223)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.  NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-title-xss(54237)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
        },
        {
          "name": "cutenews-newscomments-xss(54224)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
        },
        {
          "name": "cutenews-search-xss(54222)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
        },
        {
          "name": "cutenews-register-xss(54221)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "cutenews-editnews-xss(54223)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.  NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-title-xss(54237)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54237"
            },
            {
              "name": "cutenews-newscomments-xss(54224)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54224"
            },
            {
              "name": "cutenews-search-xss(54222)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54222"
            },
            {
              "name": "cutenews-register-xss(54221)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54221"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "cutenews-editnews-xss(54223)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54223"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4250",
    "datePublished": "2009-12-10T00:00:00.000Z",
    "dateReserved": "2009-12-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:10.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4173 (GCVE-0-2009-4173)

Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "cutenews-index-csrf(54240)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "cutenews-index-csrf(54240)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "cutenews-index-csrf(54240)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54240"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4173",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4174 (GCVE-0-2009-4174)

Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-articles-security-bypass(54236)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-articles-security-bypass(54236)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-articles-security-bypass(54236)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54236"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4174",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4175 (GCVE-0-2009-4175)

Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-search-path-disclosure(54235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-search-path-disclosure(54235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-search-path-disclosure(54235)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4175",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4172 (GCVE-0-2009-4172)

Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-newsarticles-xss(54225)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          },
          {
            "name": "36971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36971"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-newsarticles-xss(54225)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        },
        {
          "name": "36971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36971"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-newsarticles-xss(54225)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54225"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            },
            {
              "name": "36971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36971"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4172",
    "datePublished": "2009-12-02T19:00:00.000Z",
    "dateReserved": "2009-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4113 (GCVE-0-2009-4113)

Vulnerability from cvelistv5 – Published: 2009-11-30 21:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-11-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cutenews-categories-code-execution(54243)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
          },
          {
            "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cutenews-categories-code-execution(54243)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
        },
        {
          "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cutenews-categories-code-execution(54243)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54243"
            },
            {
              "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt",
              "refsource": "MISC",
              "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt"
            },
            {
              "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4113",
    "datePublished": "2009-11-30T21:00:00.000Z",
    "dateReserved": "2009-11-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:54:09.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}