TinyPHPForum 3.6 and previous versions stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote malicious users to list all registered users and possibly obtain other sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ralph capper tinyphpforum 3.47 |
||
ralph capper tinyphpforum 3.48 |
||
ralph capper tinyphpforum 3.49 |
||
ralph capper tinyphpforum 3.499 |
||
ralph capper tinyphpforum 3.46 |
||
ralph capper tinyphpforum 3.5 |
||
ralph capper tinyphpforum 3.6 |