Vulnerability Details : CVE-2006-0660
Potential exploit
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
Vulnerability category: Directory traversal
Products affected by CVE-2006-0660
- cpe:2.3:a:farsinews:farsinews:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.1_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0660
14.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0660
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
References for CVE-2006-0660
-
http://forum.farsinewsteam.com/index.php?showtopic=76
-
http://www.vupen.com/english/advisories/2006/0506
-
http://www.securityfocus.com/archive/1/424720/100/0/threaded
-
http://secunia.com/advisories/18768
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24602
-
http://www.hamid.ir/security/farsinews2-5.txt
Exploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
-
http://www.securityfocus.com/bid/16580
Exploit
-
http://www.osvdb.org/23020
-
http://www.osvdb.org/23022
-
http://forum.farsinewsteam.com/index.php?showtopic=71
-
http://www.osvdb.org/23021
Jump to