CVE-2006-0660

Name of the Vulnerable Software and Affected Versions FarsiNews versions 2.5 and earlier

Description The issue allows remote attackers to read arbitrary files, trigger error messages that disclose file paths, or include arbitrary files. This can be achieved through directory traversal vulnerabilities, specifically by manipulating the archive parameter in index.php or the template parameter in show archives.php.

Recommendations For FarsiNews versions 2.5 and earlier, consider restricting access to the index.php and show archives.php files until a fix is available. As a temporary workaround, avoid using the archive and template parameters in these files to minimize the risk of exploitation.