CVE-2006-5434
published 2006-10-20CVE-2006-5434: PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.47%
82.5th percentile
PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| p-news | p-news | — | — |
| p-news | p-news | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
p-news 1.16/1.17 p-news.php pn_lang file inclusion (EDB-2577 / XFDB-29587)
vuldb·2026-04-25·CVSS 7.5
CVE-2006-5434 [HIGH] p-news 1.16/1.17 p-news.php pn_lang file inclusion (EDB-2577 / XFDB-29587)
A vulnerability classified as critical has been found in p-news 1.16/1.17. The affected element is an unknown function of the file p-news.php. The manipulation of the argument pn_lang leads to file inclusion.
This vulnerability is referenced as CVE-2006-5434. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-r6qg-fhrj-6jmf: PHP remote file inclusion vulnerability in p-news
ghsa_unreviewed·2022-05-01
CVE-2006-5434 [HIGH] GHSA-r6qg-fhrj-6jmf: PHP remote file inclusion vulnerability in p-news
PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.
No detection rules found.
No writeups or analysis indexed.
2006-10-20
Published