CVE-2006-6462

Published: Dec 11, 2006Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter.

Affected (1)

Products: Cm68 News: Cm68 News

Cm68 News

1 product

Cm68 News

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cm68 News Cm68 News	Version 12.02.06

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://cm68.de/?cm68news_download

Source: cve@mitre.org

http://secunia.com/advisories/23326

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/21499

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2006/4911

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/30785

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2897

Source: cve@mitre.org

http://cm68.de/?cm68news_download