Vulnerability CVE-2006-0103


Published: 2006-01-06   Modified: 2012-02-12

Description:
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.

See advisories in our WLB2 database:
Risk: Low
Topic: [eVuln] TinyPHPForum Multiple Vulnerabilities
Author: alex evuln com
Date: 07.01.2006

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None
Affected software:
Ralph capper -> Tinyphpforum

References:
http://evuln.com/vulns/14/summary.html
http://securityreason.com/securityalert/320
http://securitytracker.com/id?1015436
http://www.securityfocus.com/archive/1/420933/100/0/threaded
http://www.securityfocus.com/archive/1/431133/100/0/threaded
http://www.vupen.com/english/advisories/2006/0054
https://exchange.xforce.ibmcloud.com/vulnerabilities/24016

Copyright 2024, cxsecurity.com

 
