CVE-2006-5282

Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-13 03:07:00.000-04
Last Modified2018-10-17 05:42:00.000-04

Vulnerable Software List

VendorProductVersions
Sh-news Sh-news 3.1

References

SourceLink
BUGTRAQ20070614 RFI In Script SH-News 3.1
BID20478
VUPENADV-2006-4014
XFshnews-multiple-file-include(29477)
EXPLOIT-DB2518