CuteNews 1.3.6 and Earlier: Remote Code Injection via Template File

CuteNews 1.3.6 and Earlier: Remote Code Injection via Template File

CVE-2005-1876 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

Learn more about our Web Application Penetration Testing UK.