CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-0660

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.126

EPSS Ranking 93.6%

CVSS Severity

CVSS v2 Score 6.4

References

http://forum.farsinewsteam.com/index.php?showtopic=71
http://forum.farsinewsteam.com/index.php?showtopic=76
http://secunia.com/advisories/18768
http://www.hamid.ir/security/farsinews2-5.txt
http://www.osvdb.org/23020
http://www.osvdb.org/23021
http://www.osvdb.org/23022
http://www.securityfocus.com/archive/1/424720/100/0/threaded
http://www.securityfocus.com/bid/16580
http://www.vupen.com/english/advisories/2006/0506
https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
https://exchange.xforce.ibmcloud.com/vulnerabilities/24602
http://forum.farsinewsteam.com/index.php?showtopic=71
http://forum.farsinewsteam.com/index.php?showtopic=76
http://secunia.com/advisories/18768
http://www.hamid.ir/security/farsinews2-5.txt
http://www.osvdb.org/23020
http://www.osvdb.org/23021
http://www.osvdb.org/23022
http://www.securityfocus.com/archive/1/424720/100/0/threaded
http://www.securityfocus.com/bid/16580
http://www.vupen.com/english/advisories/2006/0506
https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
https://exchange.xforce.ibmcloud.com/vulnerabilities/24602

Products affected by CVE-2006-0660

Farsinews » Farsinews » Version: 2.1

cpe:2.3:a:farsinews:farsinews:2.1
Farsinews » Farsinews » Version: 2.1_beta2

cpe:2.3:a:farsinews:farsinews:2.1_beta2
Farsinews » Farsinews » Version: 2.5

cpe:2.3:a:farsinews:farsinews:2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0660

Products

Pricing

Contact Us