CVE-2006-4768 : Multiple direct static code injection vulnerabilities in add

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Published 2006-09-13 23:07:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-4768

Stefan Ernst » Newsscript » Version: 0.5 Beta
cpe:2.3:a:stefan_ernst:newsscript:0.5_beta:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4768

EPSS FAQ

0.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4768

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2006-4768

Jump to

Vulnerability Details : CVE-2006-4768

Products affected by CVE-2006-4768

Exploit prediction scoring system (EPSS) score for CVE-2006-4768

CVSS scores for CVE-2006-4768

References for CVE-2006-4768