CuteNews 2.1.2 (and possibly earlier) Impact: Full system compromise via arbitrary PHP code execution Vulnerability Type Unrestricted File Upload + Path Traversal leading to RCE.
CVE (if assigned): None officially (legacy, pre-CVE-mass-assignment), but documented in exploit databases (EDB-ID: 37474, 37475) cutenews 2.1.2 exploit
Quomon.es