CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2405

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.156

EPSS Ranking 94.4%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2006-2405

Unclassified Newsboard » Unclassified Newsboard » Version: Any

cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:*
Unclassified Newsboard » Unclassified Newsboard » Version: 1.5.3

cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3
Unclassified Newsboard » Unclassified Newsboard » Version: 1.5.3_patch3

cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3_patch3
Unclassified Newsboard » Unclassified Newsboard » Version: 1.5.3a

cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3a
Unclassified Newsboard » Unclassified Newsboard » Version: 1.6.1

cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2405

Products

Pricing

Contact Us