CVE-2006-2405

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/05/2006
Last modified:
03/04/2025

Description

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:*:*:*:*:*:*:*:* 1.6.1_patch1 (including)
cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3_patch3:*:*:*:*:*:*:*
cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.5.3a:*:*:*:*:*:*:*
cpe:2.3:a:unclassified_newsboard:unclassified_newsboard:1.6.1:*:*:*:*:*:*:*