PT-2006-5543 · Stefan Ernst · Stefan Ernst Newsscript

Published: 2006-09-13 · Updated: 2017-07-20 · CVE-2006-4768

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Stefan Ernst Newsscript (aka WM-News) version 0.5 beta

Description

The issue allows remote attackers to execute arbitrary PHP code via several parameters in the add go.php file. These parameters include description, issue, title, var, name, keywords, and note, which are stored in an article file.

Recommendations

For Stefan Ernst Newsscript (aka WM-News) version 0.5 beta, consider restricting access to the add go.php file and avoid using the vulnerable parameters until a fix is available. As a temporary workaround, consider validating and sanitizing all user input for the description, issue, title, var, name, keywords, and note parameters to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-4768

Affected Products

Stefan Ernst Newsscript