CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-4767

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0070%
EPSS Percentile34.98th
Published2006年9月13日
Last Modified2026年4月16日

Vulnerability Description

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Affected Platforms (CPE)

📦
Stefan Ernst

Newsscript

= 0.5_beta

References & Advisories

🔗 http://secunia.com/advisories/21826
🔗 http://www.osvdb.org/28812
🔗 http://www.securityfocus.com/bid/84154
🔗 http://www.vupen.com/english/advisories/2006/3558
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28894
🔗 http://secunia.com/advisories/21826
🔗 http://www.osvdb.org/28812
🔗 http://www.securityfocus.com/bid/84154

相关漏洞威胁

CVE-2005-073510.0

newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.

CVE-2006-46667.5

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to exe...

CVE-2009-42627.5

Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to...

CVE-2006-47665.0

Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read a...