CNNVD-202601-1954 Information

CNNVD ID

CNNVD-202601-1954

Related CVE

CVE-2021-47751

• CNNVD Published: 2026-01-13

Description (Chinese)

CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 CutePHP CuteNews 6.6版本存在路径遍历漏洞，该漏洞源于浏览模板功能存在目录遍历，可能导致写入任意文件。

Description (English)

CutePHP CuteNews is a news management system. The system has search, file upload management, access control, backup and recovery functions. Version 6.6 of CutePHP CuteNews has a path-to-penetrating loophole, which stems from the browsing template function, which has a directory-to-house function, which may lead to the writing of any file.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/cuteeditor-for-php-directory-traversal http://phphtmledit.com/ https://www.exploit-db.com/exploits/50994 https://access.redhat.com/security/cve/cve-2021-47751

Patch

http://phphtmledit.com/download.html