CVEブラウザに戻る

CVE-2006-7063

HIGH

7.5

CVSS Severity Score

EPSS Score0.1580%

EPSS Percentile43.85th

Published2007年2月24日

Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.

Affected Platforms (CPE)

📦

Tinyphpforum

Tinyphpforum

<= 3.6

References & Advisories

🔗 http://www.securityfocus.com/bid/18304

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26881

🔗 https://www.exploit-db.com/exploits/1857

🔗 http://www.securityfocus.com/bid/18304

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26881

🔗 https://www.exploit-db.com/exploits/1857

関連する脆弱性情報

CVE-2006-01035.0

TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with ins...

CVE-2006-01045.0

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a n...

CVE-2006-01024.3

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web scr...

CVE-2006-021810.0

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to...