CVE-2006-4768

Published: Sep 13, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Affected (1)

Products: Stefan Ernst: Newsscript

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stefan Ernst Newsscript	Version 0.5_beta

References (10)

http://secunia.com/advisories/21826

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/28814

Source: cve@mitre.org

http://www.securityfocus.com/bid/84155

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3558

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28900

Source: cve@mitre.org

http://secunia.com/advisories/21826

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/28814

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/84155

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3558

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28900

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.