Vulnerabilities > CVE-2006-4678 - Remote Security vulnerability in Comscripts News Evolution 3.0.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
comscripts
exploit available
NVD
Published: 2006-09-11
Updated: 2018-10-17

Summary

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

Vulnerable Configurations

Part Description Count
Application
Comscripts
1

Exploit-Db

descriptionNews Evolution 3.0.3 _NE[AbsPath] Remote File Include Vulnerabilities. CVE-2006-4678. Webapps exploit for php platform
idEDB-ID:2325
last seen2016-01-31
modified2006-09-07
published2006-09-07
reporterddoshomo
sourcehttps://www.exploit-db.com/download/2325/
titleNews Evolution 3.0.3 - _NEAbsPath Remote File Include Vulnerabilities

References