Unrated severityNVD Advisory· Published Sep 13, 2006· Updated Apr 16, 2026

CVE-2006-4768

Description

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.

Affected products

Stefan Ernst/Newsscript
cpe:2.3:a:stefan_ernst:newsscript:0.5_beta:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21826nvdVendor Advisory
www.osvdb.org/28814nvd
www.securityfocus.com/bid/84155nvd
www.vupen.com/english/advisories/2006/3558nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28900nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000