CVE-2019-11447
The target CuteNews instance has been identified as vulnerable to CVE-2019-11447 due to its outdated version, 2.1.2.
A vulnerability was found in CutePHP CuteNews up to 2.1.2 (Content Management System). It has been declared as critical. This vulnerability affects some unknown functionality of the file index.php?mod=main&opt=personal. The manipulation of the argument avatar_file with an unknown input leads to an unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. As an impact it is known to affect confidentiality, integrity, and availability.
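For reference, the server-side check that CWE-434 describes as missing, written as an added example (not CuteNews code and not part of the original notes). The function names, the size limit and the sample uploads are assumptions made for illustration.

```python
import hashlib
import os

# Allow-list: extension -> magic-byte prefixes accepted for that type.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKER = b"<?php"   # server-side script tag; never valid in an avatar
MAX_BYTES = 512 * 1024     # assumed upper bound for an avatar image


def validate_avatar(filename, data):
    """Return (ok, reason) for an upload: client-supplied name + raw bytes."""
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not on allow-list"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Heuristic only; re-encoding the image server-side is the stronger control.
    if SCRIPT_MARKER in data.lower():
        return False, "embedded script marker"
    return True, "ok"


def stored_name(filename, data):
    """Server-chosen name: content hash plus the validated extension only."""
    ok, reason = validate_avatar(filename, data)
    if not ok:
        raise ValueError(reason)
    ext = os.path.splitext(filename)[1].lower()
    return hashlib.sha256(data).hexdigest()[:32] + ext


# Constructed sample uploads (not captured from any real system).
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
GIF_WITH_SCRIPT = b"GIF89a" + b"<?php echo 1; ?>"

if __name__ == "__main__":
    for name, blob in [("me.png", GOOD_PNG), ("me.php", GIF_WITH_SCRIPT),
                       ("me.gif", GIF_WITH_SCRIPT), ("me.jpg", GOOD_PNG)]:
        print(name, validate_avatar(name, blob))
```

Storing validated files under a server-generated name in a directory where the web server does not execute scripts closes the "automatically processed" half of the weakness.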
Exploit
Found an exploit online