CVE-2006-4671

Published: Sep 11, 2006Modified: Apr 16, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.

Affected (4)

Products: Fscripts: Fantastic News

Fscripts

1 product

Fantastic News

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fscripts Fantastic News	Up to 2.1.4
Fscripts Fantastic News	Version 2.1.1
Fscripts Fantastic News	Version 2.1.2
Fscripts Fantastic News	Version 2.1.3

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/21807

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/23519

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/21796

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3513

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31121

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3027

Source: cve@mitre.org

http://secunia.com/advisories/21807