CVE-2006-6888
Published 2006-12-31
Priority P432 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.23% (80.5th percentile)
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| p-news | p-news | — | — |
| p-news | p-news | — | — |
| planerd.net | p-news | <= 2.0 | — |
GHSA
GHSA-vh2g-rpmx-8c64: P-News 1
ghsa_unreviewed·2022-05-01
CVE-2006-6888 [MEDIUM] GHSA-vh2g-rpmx-8c64: P-News 1
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
GHSA
GHSA-v768-826g-p2f3: P-News 2
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-7114 [MEDIUM] GHSA-v768-826g-p2f3: P-News 2
P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.