CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4666

HIGH
7.5
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile42.80th
PublishedSep 9, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.

Affected Platforms (CPE)

πŸ“¦
Stefan Ernst

Newsscript

= 0.5

References & Advisories

πŸ”— http://secunia.com/advisories/21826
πŸ”— http://securityreason.com/securityalert/1533
πŸ”— http://securitytracker.com/id?1016813
πŸ”— http://www.osvdb.org/28813
πŸ”— http://www.securityfocus.com/archive/1/445523/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/19886
πŸ”— http://www.vupen.com/english/advisories/2006/3558
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/28813

Related Vulnerabilities

CVE-2005-073510.0

newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.

CVE-2009-42627.5

Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to...

CVE-2006-47676.4

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read a...

CVE-2006-47665.0

Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read a...