CVE-2005-0859 - Remote File Include vulnerability in Czaries Network Czarnews 1.13B
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: CzarNews <= 1.14 (tpath) Remote File Inclusion Vulnerability. CVE-2005-0859,CVE-2006-3685. Webapps exploit for php platform
- file: exploits/php/webapps/2009.txt
- id: EDB-ID:2009
- last seen: 2016-01-31
- modified: 2006-07-13
- platform: php
- port:
- published: 2006-07-13
- reporter: SHiKaA
- source: https://www.exploit-db.com/download/2009/
- title: CzarNews <= 1.14 tpath Remote File Inclusion Vulnerability
- type: webapps

- description: CzarNews 1.13/1.14 headlines.php Remote File Inclusion. CVE-2005-0859. Webapps exploit for php platform
- id: EDB-ID:25244
- last seen: 2016-02-03
- modified: 2005-03-21
- published: 2005-03-21
- reporter: brOmstar
- source: https://www.exploit-db.com/download/25244/
- title: CzarNews 1.13/1.14 headlines.php Remote File Inclusion
References
- http://secunia.com/advisories/14670
- http://securitytracker.com/id?1013486
- http://www.osvdb.org/14925
- http://www.osvdb.org/14926
- http://www.securityfocus.com/bid/12857
- http://www.securityfocus.com/bid/18411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19765
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27733
- https://www.exploit-db.com/exploits/2009