CVE-2005-0720

Name of the Vulnerable Software and Affected Versions PHP mcNews version 1.3

Description A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.

Recommendations For PHP mcNews version 1.3, consider restricting access to the admin/header.php file or validating the skinfile parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the skinfile parameter in the affected API endpoint until the issue is resolved.