PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote malicious users to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 up to and including 1.14.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
czaries network czarnews 1.13b |