CVE-2006-0660

high

Description

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24602

https://exchange.xforce.ibmcloud.com/vulnerabilities/24598

http://www.vupen.com/english/advisories/2006/0506

http://www.securityfocus.com/archive/1/424720/100/0/threaded

http://www.osvdb.org/23022

http://www.osvdb.org/23021

http://www.osvdb.org/23020

http://secunia.com/advisories/18768

http://forum.farsinewsteam.com/index.php?showtopic=76

http://forum.farsinewsteam.com/index.php?showtopic=71

Details

Source: Mitre, NVD

Published: 2006-02-13

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.13157