CVE-2005-0859

CzarNews 1.13b - Remote File Inclusion via tpath Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0859. PoCs published by SHiKaA, brOmstar.

AI-analyzed exploit summary: This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in CzarNews versions up to 1.14. It allows an attacker to include and execute arbitrary remote files via the 'tpath' parameter in 'news.php' or 'cn_config.php'.

Description

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by SHiKaA · text · webapps · php
https://www.exploit-db.com/exploits/2009

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: CzarNews <= v1.14
No auth needed
Prerequisites: Remote shell or malicious file hosted on an accessible server · Target application with vulnerable CzarNews installation
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by brOmstar · text · webapps · php
https://www.exploit-db.com/exploits/25244

The provided text describes a remote file-include vulnerability in CzarNews 1.13b, allowing arbitrary server-side script execution via a malicious URL parameter. No actual exploit code is included, only a description and example URL.

Classification: Writeup (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: CzarNews 1.13b
No auth needed
Prerequisites: Access to the target web application · Ability to craft a malicious URL with an external server hosting arbitrary code
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2009
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12857
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19765
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013486
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27733
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14670
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18411
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/14925
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/14926

Scores

EPSS: 0.1140
EPSS Percentile: 95.4%

Details

Status: published
Products (1): czaries_network/czarnews 1.13b
Published: May 02, 2005
Tracked Since: Feb 18, 2026