2 matches found
CVE-2006-4768
The CVE-2006-4768 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5 beta, where the add_go.php script is vulnerable to multiple direct static code injection via the parameters (description, issue, title, var, name, keywords, note) stored in an article file. This allows remote attackers to ...
CVE-2006-4768
Multiple direct static code injection vulnerabilities in addgo.php in Stefan Ernst Newsscript aka WM-News 0.5 beta allow remote attackers to execute arbitrary PHP code via the 1 description, 2 issue, 3 title, 4 var, 5 name, 6 keywords, and 7 note parameters, which are stored in an article file...