Intrusion Prevention

WebNews.Template.PHP.Remote.File.Inclusion

Description

A PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.

Affected Products

Web-News version 1.6.3 and prior.

Impact

Execute arbitrary PHP code.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
SourceForge Website, Web-News at http://sourceforge.net/projects/web-news/.

CVE References

CVE-2006-5053