CVE-2006-0660 - Directory Traversal and Local File Include vulnerability in Farsinews 2.1/2.1Beta2/2.5
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
- description: FarsiNews <= 2.5 Directory Traversal Arbitrary (users.db) Access Exploit. CVE-2006-0660. Webapps exploit for php platform
  - id: EDB-ID:1538
  - last seen: 2016-01-31
  - modified: 2006-02-28
  - published: 2006-02-28
  - reporter: Hessam-x
  - source: https://www.exploit-db.com/download/1538/
  - title: farsinews <= 2.5 - Directory Traversal arbitrary users.db access Exploit
- description: FarsiNews 2.1/2.5 show_archives.php template Parameter Traversal Arbitrary File Access. CVE-2006-0660. Webapps exploit for php platform
  - id: EDB-ID:27183
  - last seen: 2016-02-03
  - modified: 2006-02-10
  - published: 2006-02-10
  - reporter: Hamid Ebadi
  - source: https://www.exploit-db.com/download/27183/
  - title: FarsiNews 2.1/2.5 show_archives.php template Parameter Traversal Arbitrary File Access
References
- http://forum.farsinewsteam.com/index.php?showtopic=71
- http://forum.farsinewsteam.com/index.php?showtopic=76
- http://secunia.com/advisories/18768
- http://www.hamid.ir/security/farsinews2-5.txt
- http://www.osvdb.org/23020
- http://www.osvdb.org/23021
- http://www.osvdb.org/23022
- http://www.securityfocus.com/archive/1/424720/100/0/threaded
- http://www.securityfocus.com/bid/16580
- http://www.vupen.com/english/advisories/2006/0506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24602