CVE-2006-4161

N/A Unknown

Published: August 16, 2006 Modified: April 16, 2026

Description

Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/21483

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/1395

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/442881/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19446

Source: cve@mitre.org

Exploit

http://www.surfionline.com/security_advisories/20060810_xennobb_avatar_gallery_transversal.txt

Source: cve@mitre.org

Exploit Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/28337

Source: cve@mitre.org

http://secunia.com/advisories/21483