Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2005-3010
Description:Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
Test IDs: 1.3.6.1.4.1.25623.1.0.55372  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2005-3010
BugTraq ID: 14869
http://www.securityfocus.com/bid/14869
Bugtraq: 20050917 CuteNews 1.4.0 remote code execution (Google Search)
http://www.securityfocus.com/archive/1/411057
http://securityreason.com/securityalert/14




© 1998-2024 E-Soft Inc. All rights reserved.