Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-0679

Description

PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected.

Affected products

Stadtaus/Tell A Friend Script
cpe:2.3:a:stadtaus:tell_a_friend_script:*:*:*:*:*:*:*:*
Range: <=2.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdPatch
www.stadtaus.com/forum/t-1579.htmlnvdPatchVendor Advisory
arfis.wordpress.com/2007/09/13/rfi-02-openelibrary/nvd
www.osvdb.org/14628nvd
www.securityfocus.com/archive/1/474954/100/0/threadednvd
www.stadtaus.com/forum/t-1578.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/19630nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000