CuteNews 1.3.6 and Earlier: Remote Code Injection via Template File
CVE-2005-1876 · MEDIUM Severity
AV:L/AC:M/AU:N/C:P/I:P/A:P
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
Learn more about our Web Application Penetration Testing UK.