CVE-2006-4768 Information

Description

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description (2) issue (3) title (4) var (5) name (6) keywords and (7) note parameters which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Reference

http://secunia.com/advisories/21826 http://www.osvdb.org/28814 http://www.securityfocus.com/bid/84155 http://www.vupen.com/english/advisories/2006/3558 https://exchange.xforce.ibmcloud.com/vulnerabilities/28900