Vulnerabilities > Czaries Network > Czarnews > 1.14

DATE CVE VULNERABILITY TITLE RISK
2006-07-21 CVE-2006-3685 Remote File Include vulnerability in Czaries Network Czarnews 1.12/1.13/1.14
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php.
network
high complexity
czaries-network
5.1
5.1
2006-04-06 CVE-2006-1640 Input Validation vulnerability in Czaries Network Czarnews 1.14
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
network
high complexity
czaries-network
2.6
2.6