TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-01-06 11:03
Updated : 2024-02-28 10:42
NVD link : CVE-2006-0103
Mitre link : CVE-2006-0103
CVE.ORG link : CVE-2006-0103
JSON object : View
Products Affected
ralph_capper
- tinyphpforum
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor