CVE-2006-0660

Sažetak

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Reference

http://forum.farsinewsteam.com/index.php?showtopic=71
http://forum.farsinewsteam.com/index.php?showtopic=76
http://secunia.com/advisories/18768
http://www.hamid.ir/security/farsinews2-5.txt
http://www.osvdb.org/23020
http://www.osvdb.org/23021
http://www.osvdb.org/23022
http://www.securityfocus.com/archive/1/424720/100/0/threaded
http://www.securityfocus.com/bid/16580
http://www.vupen.com/english/advisories/2006/0506
https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
https://exchange.xforce.ibmcloud.com/vulnerabilities/24602

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:45

Objavljeno

13-02-2006 - 11:06