Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tinyphpforum | Ralph_capper | 3.5 (including) | 3.5 (including) |
Tinyphpforum | Ralph_capper | 3.6 (including) | 3.6 (including) |
Tinyphpforum | Ralph_capper | 3.46 (including) | 3.46 (including) |
Tinyphpforum | Ralph_capper | 3.47 (including) | 3.47 (including) |
Tinyphpforum | Ralph_capper | 3.48 (including) | 3.48 (including) |
Tinyphpforum | Ralph_capper | 3.49 (including) | 3.49 (including) |
Tinyphpforum | Ralph_capper | 3.499 (including) | 3.499 (including) |