Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-09-13T23:00:00
Updated: 2024-08-07T19:23:41.111Z
Reserved: 2006-09-13T00:00:00
Link: CVE-2006-4768
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-09-13T23:07:00.000
Modified: 2024-11-21T00:16:43.030
Link: CVE-2006-4768
Redhat
No data.