CVE-2006-1823

2006-04-1810:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via “…” sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

References

secunia.com/advisories/19648

securityreason.com/securityalert/710

securitytracker.com/id?1015943

www.securityfocus.com/archive/1/431011/100/0/threaded

www.vupen.com/english/advisories/2006/1411