CVE-2006-3685
CVE-2006-3685 describes a PHP remote file inclusion vulnerability in CzarNews versions 1.12 through 1.14. An attacker can cause arbitrary PHP code execution by supplying a URL in the tpath parameter to cn_config.php. This is a classic RFI flaw where user-controlled input is used to include files ...