Lucene search
K
Stefan ErnstNewsscript

4 matches found

CVE
CVE
added 2006/09/09 12:0 a.m.57 views

CVE-2006-4666

Multiple PHP remote file inclusion vulnerabilities affect Stefan Ernst Newsscript (aka WM-News) 0.5 beta. An attacker can cause arbitrary PHP code execution by supplying a URL in the vulnerable parameter: (1) ide in article.php, or (2) pwfile in delete.php, modify.php, admin.php, or modify_go.php...

7.5CVSS8AI score0.04294EPSS
CVE
CVE
added 2006/09/13 11:0 p.m.47 views

CVE-2006-4768

The CVE-2006-4768 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5 beta, where the add_go.php script is vulnerable to multiple direct static code injection via the parameters (description, issue, title, var, name, keywords, note) stored in an article file. This allows remote attackers to ...

5CVSS7.8AI score0.01294EPSS
CVE
CVE
added 2006/09/13 11:0 p.m.44 views

CVE-2006-4766

CVE-2006-4766 concerns a directory traversal vulnerability in the print.php script of Stefan Ernst Newsscript (aka WM-News) 0.5 beta. The issue allows remote attackers to read arbitrary files by supplying a .. path segment in the ide parameter, exposing partial confidentiality. The available refe...

5CVSS7AI score0.02943EPSS
CVE
CVE
added 2006/09/13 11:0 p.m.41 views

CVE-2006-4767

The CVE-2006-4767 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5beta. The described vulnerabilities are directory traversal flaws caused by improper handling of a .. sequence: (1) in modify.php with the ide parameter could allow reading arbitrary local files, and (2) in add_go.php with ...

6.4CVSS6.9AI score0.01531EPSS