CVE-2006-2405

Unclassified Newsboard < 1.6.1_patch1 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Exploits (1)

exploitdb WORKING POC
phpwebappsphp
https://www.exploit-db.com/exploits/1777

References (9)

Scores

EPSS 0.1769
EPSS Percentile 95.1%

Details

Status published
Products (5)
unclassified_newsboard/unclassified_newsboard 1.5.3
unclassified_newsboard/unclassified_newsboard 1.5.3_patch3
unclassified_newsboard/unclassified_newsboard 1.5.3a
unclassified_newsboard/unclassified_newsboard 1.6.1
unclassified_newsboard/unclassified_newsboard < 1.6.1_patch1
Published May 16, 2006
Tracked Since Feb 18, 2026