CVE-2006-1823

Sažetak

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

Reference

http://secunia.com/advisories/19648
http://securityreason.com/securityalert/710
http://securitytracker.com/id?1015943
http://www.securityfocus.com/archive/1/431011/100/0/threaded
http://www.vupen.com/english/advisories/2006/1411

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:36

Objavljeno

18-04-2006 - 10:02