Описание
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.
Ссылки
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ralph_capper:tinyphpforum:3.5:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.6:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.46:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.47:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.48:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.49:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.499:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01664
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.
EPSS
Процентиль: 82%
0.01664
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other