cbcvebase.
CVE-2006-6888
published 2006-12-31

CVE-2006-6888: P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the…

PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.23%
80.5th percentile
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.

Affected

3 ranges
VendorProductVersion rangeFixed in
p-newsp-news
p-newsp-news
planerd.netp-news<= 2.0
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.