CuteNews versions (specifically 2.1.2) are highly vulnerable to RCE via the Avatar upload feature: Vulnerability : CVE-2019-11447.
The default credentials for a fresh CuteNews installation were often or admin / password . The Story of the "Default" Ghost cutenews default credentials
CuteNews (a small PHP-based news/blog system) historically shipped with default admin credentials in some older releases or sample configs, which can let attackers access installations that weren't secured after install. CuteNews versions (specifically 2
In addition to changing default credentials, follow these best practices to secure your CuteNews installation: cutenews default credentials