cbcvebase.

Ralph Capper Tinyphpforum vulnerabilities

4 known vulnerabilities affecting ralph_capper/tinyphpforum.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2006-0103P4MEDIUMCVSS 5.0PoCv3.5v3.6+5 more2006-01-06
CVE-2006-0103 [MEDIUM] CWE-200 CVE-2006-0103: TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email fil TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
nvd
CVE-2006-0104P4MEDIUMCVSS 5.0v3.5v3.6+5 more2006-01-06
CVE-2006-0104 [MEDIUM] CVE-2006-0104: Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.
nvd
CVE-2006-0102P4MEDIUMCVSS 4.3v3.5v3.6+5 more2006-01-06
CVE-2006-0102 [MEDIUM] CVE-2006-0102: Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attacke Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
nvd
CVE-2006-1898P4LOWCVSS 2.6v3.62006-04-20
CVE-2006-1898 [LOW] CVE-2006-1898: Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow r Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103.
nvd
Ralph Capper Tinyphpforum vulnerabilities | cvebase