Vulnerabilities > CVE-2006-2406 - Directory Traversal vulnerability in Unclassified NewsBoard

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
unclassified-newsboard
exploit available
NVD
Published: 2006-05-16
Updated: 2008-09-05

Summary

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.

Vulnerable Configurations

Part Description Count
Application
Unclassified_Newsboard
1

Exploit-Db

descriptionUnclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit. CVE-2006-2405,CVE-2006-2406. Webapps exploit for php platform
idEDB-ID:1777
last seen2016-01-31
modified2006-05-11
published2006-05-11
reporterrgod
sourcehttps://www.exploit-db.com/download/1777/
titleUnclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit

References