Lucene search

K
cve[email protected]CVE-2006-2405
HistoryMay 16, 2006 - 10:02 a.m.

CVE-2006-2405

2006-05-1610:02:00
web.nvd.nist.gov
27
cve-2006-2405
directory traversal
unclassified newsboard
unb
security vulnerability

6.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via … (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Affected configurations

NVD
Node
unclassified_newsboardunclassified_newsboardRange1.6.1_patch1
OR
unclassified_newsboardunclassified_newsboardMatch1.5.3
OR
unclassified_newsboardunclassified_newsboardMatch1.5.3_patch3
OR
unclassified_newsboardunclassified_newsboardMatch1.5.3a
OR
unclassified_newsboardunclassified_newsboardMatch1.6.1

6.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

Related for CVE-2006-2405