https://www.securityfocus.com/bid/90460
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-233

CuteNews1.3.6及其早期版本存在PHPremotefileinclusion漏洞。远程攻击者借助(1)show_archives.php或者(2)show_news.php的cutepath参数执行任意PHP代码。

CutePHP CuteNews 1.3.6

来源:XF
名称:cutenews-file-include(17288)
链接:http://xforce.iss.net/xforce/xfdb/17288
来源:www.7a69ezine.org
链接:http://www.7a69ezine.org/node/view/130
来源:SECUNIA
名称:12432
链接:http://secunia.com/advisories/12432
来源:BUGTRAQ
名称:20040830RE:CuteNewsNews.txtwritabletoworld
链接:http://seclists.org/lists/bugtraq/2004/Sep/0014.html