VYPR
Unrated severityNVD Advisory· Published Dec 31, 2006· Updated Jun 16, 2026

CVE-2006-6888

CVE-2006-6888

Description

P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • P News/P News3 versions
    cpe:2.3:a:p-news:p-news:1.16:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:p-news:p-news:1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:p-news:p-news:1.17:*:*:*:*:*:*:*
    • (no CPE)range: 1.16, 1.17

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.