CVE-2006-4768

N/A Unknown
Published: September 13, 2006 Modified: April 16, 2026
View on NVD

Description

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/21826
Source: cve@mitre.org
Vendor Advisory
http://www.osvdb.org/28814
Source: cve@mitre.org
http://www.securityfocus.com/bid/84155
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2006/3558
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/28900
Source: cve@mitre.org
http://secunia.com/advisories/21826
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/28814
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/84155
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3558
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/28900
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
65th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

stefan_ernst