Vulnerabilities > CVE-2006-5716 - Remote File Include vulnerability in Freenews 2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Freenews 1.1 Aff_News.PHP Remote File Include Vulnerability. CVE-2006-5716 . Webapps exploit for php platform |
id | EDB-ID:28875 |
last seen | 2016-02-03 |
modified | 2006-10-30 |
published | 2006-10-30 |
reporter | MoHaNdKo |
source | https://www.exploit-db.com/download/28875/ |
title | Freenews 1.1 Aff_News.PHP Remote File Include Vulnerability |
References
- http://securityreason.com/securityalert/1822
- http://www.securityfocus.com/archive/1/450012/100/0/threaded
- http://www.securityfocus.com/archive/1/450081/100/0/threaded
- http://www.securityfocus.com/archive/1/450157/100/0/threaded
- http://www.securityfocus.com/bid/20795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29896