Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-13T23:00:00

Updated: 2024-08-07T19:23:41.111Z

Reserved: 2006-09-13T00:00:00

Link: CVE-2006-4768

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-09-13T23:07:00.000

Modified: 2024-11-21T00:16:43.030

Link: CVE-2006-4768

cve-icon Redhat

No data.