CzarNews multiple scripts PHP file include

czarnews-multiple-scripts-file-include (19765) The risk level is classified as MediumMedium Risk

Description:

CzarNews could allow a remote attacker to include malicious PHP files. If the register_globals option and allow_url_fopen are enabled, a remote attacker could send a specially-crafted dir parameter to the install\article.php, install\authorall.php, install\comment.php, install\display.php or install\displayall.php scripts to specify a malicious file from a remote system, which would allow the attacker to execute code on the vulnerable system.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of CzarNews (1.14 or later), available from the Czaries Network Web site. See References.

References:

  • Czaries Network Web site: Scripts.
  • BID-12857: CzarNews Remote File Include Vulnerability
  • BID-18411: Retired - CzarNews Headlines.PHP Remote File Include Vulnerability
  • CVE-2005-0859: PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the dir parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.
  • OSVDB ID: 14925: CzarNews headlines.php Remote File Inclusion
  • OSVDB ID: 14926: CzarNews news.php tpath Variable Remote File Inclusion
  • SA14670: CzarNews "tpath" File Inclusion Vulnerability
  • SECTRACK ID: 1013486: CzarNews Include File Hole Lets Remote Users Execute Arbitrary Commands

Platforms Affected:

  • Czaries CzarNews 1.13b

Reported:

Mar 21, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page