Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0859
CVE-2005-0859
Description
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.
Affected products
1- cpe:2.3:a:czaries_network:czarnews:1.13b:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/14670nvdPatchVendor Advisory
- securitytracker.com/idnvd
- www.osvdb.org/14925nvd
- www.osvdb.org/14926nvd
- www.securityfocus.com/bid/12857nvd
- www.securityfocus.com/bid/18411nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19765nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27733nvd
- www.exploit-db.com/exploits/2009nvd
News mentions
0No linked articles in our index yet.