CVE-2006-3685
- EPSS 6.68%
- Veröffentlicht 21.07.2006 14:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
CVE-2006-1640
- EPSS 0.8%
- Veröffentlicht 06.04.2006 10:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2006-1641
- EPSS 1.29%
- Veröffentlicht 06.04.2006 10:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.
CVE-2005-0859
- EPSS 17.16%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; how...