Czarnews Security Vulnerabilities and Issues — Czarnews CVE List

Lucene search

Czaries NetworkCzarnews

4 matches found

CVE•added 2006/07/21 2:3 p.m.•36 views

CVE-2006-3685

PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.

5.1CVSS7.5AI score0.22456EPSS

CVE•added 2006/04/06 10:4 a.m.•34 views

CVE-2006-1640

Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

2.6CVSS5.7AI score0.00804EPSS

CVE•added 2005/05/02 4:0 a.m.•33 views

CVE-2005-0859

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from th...

7.5CVSS7.9AI score0.22456EPSS

CVE•added 2006/04/06 10:4 a.m.•29 views

CVE-2006-1641

Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.

5.1CVSS8.5AI score0.01294EPSS