Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-11447
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
编号重复
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 “废弃”请勿使用此编号。原因:此编号与CNNVD-201110-126编号重复,所有使用CNNVD编号的用户请参考CNNVD-201110-126编号。为防止意外使用,此编号中的所有信息已删除。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2019-11447
#POC DescriptionSource LinkShenlong Link
1Exploits CuteNews 2.1.2 via poor file upload checks used when uploading an avatar image leading to RCE.https://github.com/mt-code/CVE-2019-11447POC Details
2CuteNews Avatar 2.1.2 Remote Code Execution Vulnerabilityhttps://github.com/khuntor/CVE-2019-11447-EXPPOC Details
3CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concepthttps://github.com/dinesh876/CVE-2019-11447-POCPOC Details
4Exploit Code for CVE-2019-11447 aka CuteNews 2.1.2 Avatar upload RCE (Authenticated)https://github.com/ColdFusionX/CVE-2019-11447_CuteNews-AvatarUploadRCEPOC Details
5CutePHP Cute News 2.1.2 RCE PoChttps://github.com/thewhiteh4t/cve-2019-11447POC Details
6Nonehttps://github.com/0xConstant/CVE-2019-11447POC Details
7Nonehttps://github.com/substing/CVE-2019-11447_reverse_shell_uploadPOC Details
8CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concepthttps://github.com/CRFSlick/CVE-2019-11447-POCPOC Details
9CVE-2019-11447 written in Chttps://github.com/ojo5/CVE-2019-11447.cPOC Details
10Nonehttps://github.com/banomaly/CVE-2019-11447POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2019-11447
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2019-11447

No comments yet

Leave a comment