Corenews: >> Corenews >> 2.0.1 Security Vulnerabilities
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.
CVSS Score
6.4
EPSS Score
0.006
Published
2006-04-26
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.
CVSS Score
7.5
EPSS Score
0.056
Published
2006-03-14