Searching through our forum, I came across few posts mentioning "my site was hacked" while using CuteNews. So before I made this post I wanted to be sure if everyone here knew about CuteNew's serious vulnerability by searching our forum. I am also a victim of recent vandalism by someone from Germany who knew about this exploit.

Please read Cutenews <= 1.4.5 usernames fetching exploit FIX and discussion for clear understanding how, why and how-to.

If you are using CuteNews as CMS for your site please visit the above URL and countermeasure for your CuteNews script. It looks like this information has been available since January of 2008 but I, like most people, have not maintained a regular visit to CuteNews forum so I failed to prevent my site from becoming the victim of this "hack."

I've known about this for ages, I have the exploit on my computer somewhere... Never gotten anywhere with it because of the hashes.

I try to warn people that I know use it and are going to use it about the exploit and some people don't seem to care and winge when their news gets hacked! I've stopped a few people from using it.

The whole thing basically started a while back, Habbo fansites all use Cutenews (except mine, I use Joomla) and there was a Habbo hating group that didn't want fansites anymore so they hack them that use Cutenews!