PHP Remote File Inclusion Vulnerability in WEB//NEWS by WebNews
CVE-2006-5100

Currently unrated

Key Information:

Vendor

Netwin

Status
Webnews
Vendor
CVE Published:
3 October 2006

What is CVE-2006-5100?

The vulnerability in WEB//NEWS versions 1.4 and earlier arises from a remote file inclusion flaw located in the parse/parser.php file. This vulnerability allows attackers to exploit the WN_BASEDIR parameter, enabling them to execute arbitrary PHP code on the server by injecting a manipulated URL. Such an attack can lead to severe consequences, including unauthorized access to sensitive data and compromise of the entire system. Ensuring that affected versions are patched and updated is crucial to maintaining the security integrity of your web applications.

References

http://www.securityfocus.com/bid/20239
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/29167
vdb-entryx_refsource_XF
https://www.exploit-db.com/exploits/2435
exploitx_refsource_EXPLOIT-DB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.