CyberSec.Space Logo
Back to CVE Browser

CVE-2006-7063

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile43.85th
PublishedFeb 24, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.

Affected Platforms (CPE)

πŸ“¦
Tinyphpforum

Tinyphpforum

<= 3.6

References & Advisories

πŸ”— http://www.securityfocus.com/bid/18304
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26881
πŸ”— https://www.exploit-db.com/exploits/1857
πŸ”— http://www.securityfocus.com/bid/18304
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26881
πŸ”— https://www.exploit-db.com/exploits/1857

Related Vulnerabilities

CVE-2006-01035.0

TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with ins...

CVE-2006-01045.0

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a n...

CVE-2006-01024.3

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web scr...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...