CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-7063

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile43.85th
Published2007年2月24日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.

Affected Platforms (CPE)

📦
Tinyphpforum

Tinyphpforum

<= 3.6

References & Advisories

🔗 http://www.securityfocus.com/bid/18304
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26881
🔗 https://www.exploit-db.com/exploits/1857
🔗 http://www.securityfocus.com/bid/18304
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26881
🔗 https://www.exploit-db.com/exploits/1857

相關漏洞威脅

CVE-2006-01035.0

TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with ins...

CVE-2006-01045.0

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a n...

CVE-2006-01024.3

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web scr...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...