Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CutePHP CuteNews 多个目录遍历漏洞
Vulnerability Description
CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 (1) 模块Editnews/操作list /参数source 中的..; (2) 模块Editnews/操作Editnews/参数source 中的..; (3) 模块Options/参数save_con[skin]中的..; 注意:vector 3 可以通过运行一个..来包含并执行任意本地文件。
CVSS Information
N/A
Vulnerability Type
N/A