PHP remote file inclusion vulnerability in CzarNews 1.12 up to and including 1.14 allows remote malicious users to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
czaries network czarnews 1.12 |
||
czaries network czarnews 1.13 |
||
czaries network czarnews 1.14 |