3 matches found
CVE-2006-4768
Multiple direct static code injection vulnerabilities in addgo.php in Stefan Ernst Newsscript aka WM-News 0.5 beta allow remote attackers to execute arbitrary PHP code via the 1 description, 2 issue, 3 title, 4 var, 5 name, 6 keywords, and 7 note parameters, which are stored in an article file...
CVE-2006-4767
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...
CVE-2006-4767
The CVE-2006-4767 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5beta. The described vulnerabilities are directory traversal flaws caused by improper handling of a .. sequence: (1) in modify.php with the ide parameter could allow reading arbitrary local files, and (2) in add_go.php with ...