Description - Multiple Vulnerabilities in TinyPHPForum

Multiple Vulnerabilities found in TinyPHPForum script.

Exploit
Available
Solution
Not available - check vendor's website

1. Arbitrary script execution is possible when posting a link.

Vulnerable Script: action.php

Variable: $txt

Condition: visitor needs to click this link

2. Registered users information disclosure.

users dir isn't hidden by .htaccess in default installation.

3. Directory Traversal is possible.

- creating new user, new topic, viewing user's profile

Order Source Code Audit made by eVuln

Check a site by source code analysis of your website done by Aliaksandr Hartsuyeu.The task will be done by specialists in web security.

Advisories by vuln type