CVE-2006-4649

PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bingo_news:bingo_news:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:16

Type Values Removed Values Added
References () http://securitytracker.com/id?1016811 - () http://securitytracker.com/id?1016811 -
References () http://www.securityfocus.com/archive/1/445506/100/0/threaded - () http://www.securityfocus.com/archive/1/445506/100/0/threaded -
References () http://www.vupen.com/english/advisories/2006/3494 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/3494 - Vendor Advisory

Information

Published : 2006-09-08 21:04

Updated : 2024-11-21 00:16


NVD link : CVE-2006-4649

Mitre link : CVE-2006-4649

CVE.ORG link : CVE-2006-4649


JSON object : View

Products Affected

bingo_news

  • bingo_news
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')