Published: 09/09/2006 Updated: 17/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote malicious users to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
stefan ernst newsscript 0.5

# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- # WM-News v05 - Remote File Include Vulnerabilities # site : wwwcomscriptscom/jumpphp?action=script&id=203 # Script : WM-News v05 # Credits : ERNE # Contact : erne@ernealizmcom and ircgigachatnet #kurdhack # Thanks : BLaCKWHITE, B0tan, FearLesS, B3g0k, Liz0zim, EntRiKa, Dj ...

source: wwwsecurityfocuscom/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible Book Catalog 10 is vulnerable; other versions may a ...

CWE-94 http://www.securityfocus.com/bid/19886 http://secunia.com/advisories/21826 http://securitytracker.com/id?1016813 http://www.osvdb.org/28813 http://securityreason.com/securityalert/1533 http://www.vupen.com/english/advisories/2006/3558 https://exchange.xforce.ibmcloud.com/vulnerabilities/28892 https://exchange.xforce.ibmcloud.com/vulnerabilities/28813 http://www.securityfocus.com/archive/1/445523/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/2326/

CVE-2006-4666

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect