Vulnerability Details CVE-2006-4678
PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/1536
- http://www.securityfocus.com/archive/1/445576/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28803
- http://securityreason.com/securityalert/1536
- http://www.securityfocus.com/archive/1/445576/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28803
Products affected by CVE-2006-4678
-
cpe:2.3:a:comscripts:news_evolution:3.0.3