Unrated severityNVD Advisory· Published Feb 13, 2006· Updated Apr 16, 2026

CVE-2006-0660

Description

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Affected products

Farsinews/Farsinews3 versions
cpe:2.3:a:farsinews:farsinews:2.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:farsinews:farsinews:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.1_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18768nvdPatchVendor Advisory
www.hamid.ir/security/farsinews2-5.txtnvdExploitVendor Advisory
www.securityfocus.com/bid/16580nvdExploit
forum.farsinewsteam.com/index.phpnvd
forum.farsinewsteam.com/index.phpnvd
www.osvdb.org/23020nvd
www.osvdb.org/23021nvd
www.osvdb.org/23022nvd
www.securityfocus.com/archive/1/424720/100/0/threadednvd
www.vupen.com/english/advisories/2006/0506nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24598nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24602nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000