CVE-2006-4768 : Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta al

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Published 2006-09-13 23:07:00

Updated 2017-07-20 01:33:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-4768

Probability of exploitation activity in the next 30 days: 1.35%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4768

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2006-4768

Products affected by CVE-2006-4768

Stefan Ernst » Newsscript » Version: 0.5 Beta
cpe:2.3:a:stefan_ernst:newsscript:0.5_beta:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-4768

Exploit prediction scoring system (EPSS) score for CVE-2006-4768

CVSS scores for CVE-2006-4768

References for CVE-2006-4768

Products affected by CVE-2006-4768