CVE-2005-1876 — MEDIUM (4.5)

Q: How severe is CVE-2005-1876?

CVE-2005-1876 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-1876?

Check the references section above for vendor advisories and patch information. Affected products include: Cutephp Cutenews.

Vulnerability Description

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

CVSS Score

4.5

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Cutephp	Cutenews	<= 1.3.6

Related Weaknesses (CWE)

CWE-94

References

http://marc.info/?l=bugtraq&m=111773528322711&w=2Third Party Advisory
http://secunia.com/advisories/15594Broken Link
http://www.osvdb.org/17030Broken Link
http://marc.info/?l=bugtraq&m=111773528322711&w=2Third Party Advisory
http://secunia.com/advisories/15594Broken Link
http://www.osvdb.org/17030Broken Link

FAQ

What is CVE-2005-1876?

CVE-2005-1876 is a vulnerability with a CVSS score of 4.5 (MEDIUM). Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a templ...

How severe is CVE-2005-1876?

CVE-2005-1876 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1876?

Check the references section above for vendor advisories and patch information. Affected products include: Cutephp Cutenews.