Skip to main content

CVE-2006-4767

Severity Medium
Score 6.4/10

Summary

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published