CVE-2005-0860

Name of the Vulnerable Software and Affected Versions TRG News Script version 3.0

Description The issue allows remote attackers to execute arbitrary PHP code via the dir parameter to several API endpoints, including "article.php", "authorall.php", "comment.php", "display.php", and "displayall.php".

Recommendations For TRG News Script version 3.0, consider restricting access to the dir parameter in the affected API endpoints until a patch is available. As a temporary workaround, disabling the execution of remote PHP code in these endpoints can help minimize the risk of exploitation.