PT-2006-6512 · Newp · Newp News Publication System

Navairum

Published

2006-11-10

Updated

2018-10-17

CVE-2006-5838

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: NewP News Publication System version 1.0.0

Description: The issue allows remote attackers to execute arbitrary PHP code via the path parameter in lib/class.Database.php when register globals is enabled.

Recommendations: For NewP News Publication System version 1.0.0, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the lib/class.Database.php file to minimize the risk of arbitrary PHP code execution. Avoid using the path parameter in vulnerable configurations until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5838

Affected Products

Newp News Publication System

PT-2006-6512 · Newp · Newp News Publication System

CVE-2006-5838

Related Identifiers

Affected Products

References · 6