Alias(es)WMNews.Multiple.Remote.File.Include.A, WMNews.Multiple.Remote.File.Include.E, WMNews.Multiple.Remote.File.Include.D, WMNews.Multiple.Remote.File.Include.C, WMNews.Multiple.Remote.File.Include.B |
Release DateJan 25, 2007 |
Severitylow |
ImpactArbitrary PHP code execution |
DescriptionMultiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php. |
Affected ProductsMikael Software WMNews 0.5 |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches for this issue.ComScripts Web site, WM-News at http://www.comscripts.com/scripts/php.wm-news.203.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-4666 |
Reference/shttp://www.securityfocus.com/bid/19886 (BugTraq) |
