Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
czaries czarnews vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4203
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and previous versions allows remote malicious users to execute arbitrary SQL commands via a recook cookie.
Czaries Czarnews 1.12
Czaries Czarnews
Czaries Czarnews 1.13
Czaries Czarnews 1.14
2 EDB exploits
NA
CVE-2006-3685
PHP remote file inclusion vulnerability in CzarNews 1.12 up to and including 1.14 allows remote malicious users to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
Czaries Network Czarnews 1.12
Czaries Network Czarnews 1.13
Czaries Network Czarnews 1.14
1 EDB exploit
NA
CVE-2006-1641
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote malicious users to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.
Czaries Network Czarnews
Czaries Network Czarnews 1.13b
NA
CVE-2006-1640
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote malicious users to inject arbitrary web script or HTML via the email parameter.
Czaries Network Czarnews 1.14
NA
CVE-2005-0859
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote malicious users to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is l...
Czaries Network Czarnews 1.13b
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started