Lucene search

[email protected]CVE-2006-4768

HistorySep 13, 2006 - 11:07 p.m.

CVE-2006-4768

2006-09-1323:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4768

code injection

stefan ernst newsscript

remote attack

php

arbitrary code

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.2%

JSON

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Affected configurations

NVD

Node

stefan_ernstnewsscriptMatch0.5_beta

CPENameOperatorVersion
stefan_ernst:newsscriptstefan ernst newsscripteq0.5_beta

CPE	Name	Operator	Version
stefan_ernst:newsscript	stefan ernst newsscript	eq	0.5_beta

References

secunia.com/advisories/21826

www.osvdb.org/28814

www.securityfocus.com/bid/84155

www.vupen.com/english/advisories/2006/3558

exchange.xforce.ibmcloud.com/vulnerabilities/28900

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2006-4768

cvelist1 nvd1