Unrated severityNVD Advisory· Published Apr 18, 2006· Updated Apr 16, 2026

CVE-2006-1823

Description

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

Affected products

Farsinews/Farsinews4 versions
cpe:2.3:a:farsinews:farsinews:2.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:farsinews:farsinews:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.1_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:farsinews:farsinews:2.5.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19648nvd
securityreason.com/securityalert/710nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/431011/100/0/threadednvd
www.vupen.com/english/advisories/2006/1411nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000