Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.2%