← Voltar para CVEs

CVE-2005-0859

N/A

Descricao

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado5/2/2005

Ultima modificacao4/16/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

czaries_network:czarnews

Referencias

http://secunia.com/advisories/14670(cve@mitre.org)

http://securitytracker.com/id?1013486(cve@mitre.org)

http://www.osvdb.org/14925(cve@mitre.org)

http://www.osvdb.org/14926(cve@mitre.org)

http://www.securityfocus.com/bid/12857(cve@mitre.org)

http://www.securityfocus.com/bid/18411(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/19765(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/27733(cve@mitre.org)

https://www.exploit-db.com/exploits/2009(cve@mitre.org)

http://secunia.com/advisories/14670(af854a3a-2127-422b-91ae-364da2661108)

http://securitytracker.com/id?1013486(af854a3a-2127-422b-91ae-364da2661108)

http://www.osvdb.org/14925(af854a3a-2127-422b-91ae-364da2661108)

http://www.osvdb.org/14926(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/12857(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/18411(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/19765(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/27733(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/2009(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.