Summary
The host is running CuteNews/UTF-8 CuteNews and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to steal user credentials, disclose file contents, disclose the file path of the application, execute arbitrary commands.
Impact Level: system/Application.
Solution
For UTF-8 CuteNews Upgrade to version 8b
http://korn19.ch/coding/utf8-cutenews
For CuteNews Upgrade to version 1.5.0.1 or later,
For updates refer to http://cutephp.com
Insight
- An improper validation of user-supplied input by the 'category.db.php' script via the Category Access field or Icon URL fields - An improper validation of user-supplied input by the 'data/ipban.php' script via the add_ip paramete.
- An improper validation of user-supplied input by the 'Editnews module' via list or editnews parameters and 'Options module' via save_con[skin] parameter.
- An error in 'editusers' module within 'index.php' allows attackers to hijack the authentication of administrators for requests that create new users.
- An error in 'from_date_day' parameter to 'search.php' which reveals the installation path in an error message.
- An error in 'modified id' parameter in a 'doeditnews' action allows remote users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles.
- An improper validation of user-supplied input by the result parameter to 'register.php', the user parameter to 'search.php', the cat_msg, source_msg, postponed_selected, unapproved_selected, and news_per_page parameters in a list action to the editnews module of 'index.php' and the link tag in news comments - An error in lastusername and mod parameters to 'index.php' and the title parameter to 'search.php' it allow attackers to inject arbitrary web script or HTML
Affected
CuteNews version 1.4.6 and UTF-8 CuteNews version prior to 8b
References
Severity
Classification
-
CVE CVE-2009-4113, CVE-2009-4115, CVE-2009-4116, CVE-2009-4172, CVE-2009-4173, CVE-2009-4174, CVE-2009-4175, CVE-2009-4249, CVE-2009-4250 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities