CVE-2006-1823 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via .. sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

Affected Software

Name	Vendor	Start Version	End Version
Farsinews	Farsinews	2.1 (including)	2.1 (including)
Farsinews	Farsinews	2.1_beta2 (including)	2.1_beta2 (including)
Farsinews	Farsinews	2.5 (including)	2.5 (including)
Farsinews	Farsinews	2.5.3 (including)	2.5.3 (including)

References

http://secunia.com/advisories/19648
http://securityreason.com/securityalert/710
http://securitytracker.com/id?1015943
http://www.securityfocus.com/archive/1/431011/100/0/threaded
http://www.vupen.com/english/advisories/2006/1411
http://secunia.com/advisories/19648
http://securityreason.com/securityalert/710
http://securitytracker.com/id?1015943
http://www.securityfocus.com/archive/1/431011/100/0/threaded
http://www.vupen.com/english/advisories/2006/1411

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1823
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html