Description
PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Frank_Reiner · textwebappsphp
https://www.exploit-db.com/exploits/25243
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013487
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14669
Scores
EPSS
0.0168
EPSS Percentile
82.4%
Details
Status
published
Products (1)
the_rusted_gate/trg_news
3.0
Published
May 02, 2005
Tracked Since
Feb 18, 2026