Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

CuteNews <= 1.3.6 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in CuteNews <= 1.3.6

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains several PHP scripts that are prone to
multiple flaws, including possible arbitrary PHP code execution.

Description :

According to its version number, the remote host is running a version
of CuteNews that allows a possible hacker to inject arbitrary script through
the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment.
On one hand, a possible hacker can inject a client-side script to be
executed by an administrator's browser when he/she chooses to edit the
added comment. On the other, a possible hacker with local access could
leverage this flaw to run arbitrary PHP code in the context of the web
server user.

Additionally, it suffers from a cross-site scripting flaw involving
the 'search.php' script.

See also :

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 5

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.