CVE-2006-0660

Exploit

EPSS 4.62%
Veröffentlicht 13.02.2006 11:06:00
Zuletzt bearbeitet 16.06.2026 22:21:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".."  or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Farsinews ≫ Farsinews Version2.1

Farsinews ≫ Farsinews Version2.1_beta2

Farsinews ≫ Farsinews Version2.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.62%	0.905

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://forum.farsinewsteam.com/index.php?showtopic=71

http://forum.farsinewsteam.com/index.php?showtopic=76

http://secunia.com/advisories/18768

Patch

Vendor Advisory

http://www.hamid.ir/security/farsinews2-5.txt

Vendor Advisory

Exploit

http://www.osvdb.org/23020

http://www.osvdb.org/23021

http://www.osvdb.org/23022

http://www.securityfocus.com/archive/1/424720/100/0/threaded

http://www.securityfocus.com/bid/16580

Exploit

http://www.vupen.com/english/advisories/2006/0506

https://exchange.xforce.ibmcloud.com/vulnerabilities/24598

https://exchange.xforce.ibmcloud.com/vulnerabilities/24602

https://nvd.nist.gov/vuln/detail/CVE-2006-0660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0660

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2006-0660