Tinyphpforum@3.49 Security Vulnerabilities and Issues — Tinyphpforum@3.49 CVE List

Lucene search

Ralph CapperTinyphpforum3.49

3 matches found

CVE•added 2006/01/06 11:3 a.m.•111 views

CVE-2006-0102

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.

4.3CVSS5.9AI score0.00675EPSS

CVE•added 2006/01/06 11:3 a.m.•37 views

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.

5CVSS6.7AI score0.10152EPSS

CVE•added 2006/01/06 11:3 a.m.•34 views

CVE-2006-0104

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.

5CVSS6.6AI score0.01664EPSS