PT-2006-6404 · Freenews · Freenews

Mohandko

Published

2006-11-04

Updated

2018-10-17

CVE-2006-5716

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: FreeNews version 2.1

Description: A directory traversal issue exists, allowing remote attackers to include local files. This is achieved by using a .. (dot dot) sequence in the chemin parameter when the aff news parameter is not set to "1".

Recommendations: For FreeNews version 2.1, as a temporary workaround, consider restricting access to the chemin parameter in the affected aff news.php file until a patch is available. Avoid using the chemin parameter with unvalidated input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5716

Affected Products

Freenews

PT-2006-6404 · Freenews · Freenews

CVE-2006-5716

Related Identifiers

Affected Products

References · 8