7.5

CVE-2005-0859

EPSS 17.16%
Veröffentlicht 02.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php.  NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report.  Also, the news.php version was later reported to be in 1.12 through 1.14.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Czaries Network ≫ Czarnews Version1.13b

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.16%	0.948

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/14670

Patch

Vendor Advisory

http://securitytracker.com/id?1013486

http://www.osvdb.org/14925

http://www.osvdb.org/14926

http://www.securityfocus.com/bid/12857

http://www.securityfocus.com/bid/18411

https://exchange.xforce.ibmcloud.com/vulnerabilities/19765

https://exchange.xforce.ibmcloud.com/vulnerabilities/27733

https://www.exploit-db.com/exploits/2009

https://nvd.nist.gov/vuln/detail/CVE-2005-0859

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0859

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0859

EUVD