Description
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4, and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by mozako · python · webapps · php
https://www.exploit-db.com/exploits/25180
References (5)
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14449
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013345
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12696
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110989169008570&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110971663824719&w=2
Scores
EPSS
0.0424
EPSS Percentile
88.8%
Details
Status
published
Products (2)
phpnews/phpnews
1.2.3
phpnews/phpnews
1.2.4
Published
Mar 01, 2005
Tracked Since
Feb 18, 2026