CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4768

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.5%

CVSS Severity

CVSS v2 Score 5.0

References

http://secunia.com/advisories/21826
http://www.osvdb.org/28814
http://www.securityfocus.com/bid/84155
http://www.vupen.com/english/advisories/2006/3558
https://exchange.xforce.ibmcloud.com/vulnerabilities/28900
http://secunia.com/advisories/21826
http://www.osvdb.org/28814
http://www.securityfocus.com/bid/84155
http://www.vupen.com/english/advisories/2006/3558
https://exchange.xforce.ibmcloud.com/vulnerabilities/28900

Products affected by CVE-2006-4768

Stefan Ernst » Newsscript » Version: 0.5_beta

cpe:2.3:a:stefan_ernst:newsscript:0.5_beta

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4768

Products

Pricing

Contact Us