Stefan Ernst · Stefan Ernst Newsscript · CVE-2006-4766
**Name of the Vulnerable Software and Affected Versions**
Stefan Ernst Newsscript (aka WM-News) version 0.5 beta
**Description**
The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `ide` parameter in print.php.
**Recommendations**
For version 0.5 beta, consider restricting access to the print.php file or the `ide` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.