Vulnerability Description
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Farsinews | Farsinews | 2.1 |
References
- http://forum.farsinewsteam.com/index.php?showtopic=71
- http://forum.farsinewsteam.com/index.php?showtopic=76
- http://secunia.com/advisories/18768PatchVendor Advisory
- http://www.hamid.ir/security/farsinews2-5.txtExploitVendor Advisory
- http://www.osvdb.org/23020
- http://www.osvdb.org/23021
- http://www.osvdb.org/23022
- http://www.securityfocus.com/archive/1/424720/100/0/threaded
- http://www.securityfocus.com/bid/16580Exploit
- http://www.vupen.com/english/advisories/2006/0506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24602
- http://forum.farsinewsteam.com/index.php?showtopic=71
- http://forum.farsinewsteam.com/index.php?showtopic=76
- http://secunia.com/advisories/18768PatchVendor Advisory
FAQ
What is CVE-2006-0660?
CVE-2006-0660 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in ...
How severe is CVE-2006-0660?
CVE-2006-0660 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0660?
Check the references section above for vendor advisories and patch information. Affected products include: Farsinews Farsinews.