CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
86.5%
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via … (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
Vendor | Product | Version | CPE |
---|---|---|---|
unclassified_newsboard | unclassified_newsboard | cpe:/a:unclassified_newsboard:unclassified_newsboard:::: | |
unclassified_newsboard | unclassified_newsboard | 1.6.1 | cpe:/a:unclassified_newsboard:unclassified_newsboard:1.6.1::: |
unclassified_newsboard | unclassified_newsboard | 1.5.3 | cpe:/a:unclassified_newsboard:unclassified_newsboard:1.5.3::: |
unclassified_newsboard | unclassified_newsboard | 1.5.3a | cpe:/a:unclassified_newsboard:unclassified_newsboard:1.5.3a::: |
unclassified_newsboard | unclassified_newsboard | 1.5.3+patch3 | cpe:/a:unclassified_newsboard:unclassified_newsboard:1.5.3+patch3::: |
newsboard.unclassified.de/forum/post/6499
retrogod.altervista.org/unb_161p1_incl_xpl.html
secunia.com/advisories/20090
securityreason.com/securityalert/899
www.osvdb.org/25494
www.securityfocus.com/archive/1/433686/100/0/threaded
www.securityfocus.com/bid/17947
www.vupen.com/english/advisories/2006/1782
exchange.xforce.ibmcloud.com/vulnerabilities/26507