CVE-2005-0800

mcNews <= 1.3 - Remote File Inclusion via Install.php l Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0800. PoCs published by Jonathan Whiteley.

AI-analyzed exploit summary The code describes a remote file include vulnerability in mcNews 1.3 and prior due to unsanitized input in the 'install.php' script. The example URL demonstrates how an attacker could exploit this by including a remote file via the 'l' parameter.

Description

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jonathan Whiteley · textwebappsphp
https://www.exploit-db.com/exploits/25232

The code describes a remote file include vulnerability in mcNews 1.3 and prior due to unsanitized input in the 'install.php' script. The example URL demonstrates how an attacker could exploit this by including a remote file via the 'l' parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: mcNews 1.3 and prior
No auth needed
Prerequisites: Access to the vulnerable 'install.php' script · Remote file hosting for payload
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19726
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/445606/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14528
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12835
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111108900102438&w=2

Scores

EPSS 0.0296
EPSS Percentile 85.5%

Details

Status published
Products (5)
mcnews/mcnews 1.0
mcnews/mcnews 1.1
mcnews/mcnews 1.1a
mcnews/mcnews 1.2
mcnews/mcnews 1.3
Published May 02, 2005
Tracked Since Feb 18, 2026