CVE-2005-0800
mcNews <= 1.3 - Remote File Inclusion via Install.php l Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-0800. PoCs published by Jonathan Whiteley.
AI-analyzed exploit summary The code describes a remote file include vulnerability in mcNews 1.3 and prior due to unsanitized input in the 'install.php' script. The example URL demonstrates how an attacker could exploit this by including a remote file via the 'l' parameter.
Description
PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.
Exploits (1)
The code describes a remote file include vulnerability in mcNews 1.3 and prior due to unsanitized input in the 'install.php' script. The example URL demonstrates how an attacker could exploit this by including a remote file via the 'l' parameter.