Vulnerabilities > Czaries Network > Czarnews > 1.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-21 | CVE-2006-3685 | Remote File Include vulnerability in Czaries Network Czarnews 1.12/1.13/1.14 PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. | 5.1 |
2006-04-06 | CVE-2006-1640 | Input Validation vulnerability in Czaries Network Czarnews 1.14 Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2.6 |