CVE-2006-4276

HIGH

7.5

CVSS Severity Score

EPSS Score0.0660%

EPSS Percentile34.37th

PublishedAug 21, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.

Affected Platforms (CPE)

📦

Tutti Nova

<= 1.6

References & Advisories

🔗 http://secunia.com/advisories/21572

🔗 http://www.osvdb.org/28028

🔗 http://www.securityfocus.com/bid/19612

🔗 http://www.vupen.com/english/advisories/2006/3335

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28471

🔗 https://www.exploit-db.com/exploits/2220