CVE-2006-4647

2006-09-0821:00:00

mitre

www.cve.org

AI Score

7.6

Confidence

High

EPSS

0.153

Percentile

95.9%

JSON

PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.

References

secunia.com/advisories/21760

www.osvdb.org/28554

www.securityfocus.com/bid/19862

www.vupen.com/english/advisories/2006/3474

exchange.xforce.ibmcloud.com/vulnerabilities/28758

www.exploit-db.com/exploits/2309