CVE-2006-0103

Name of the Vulnerable Software and Affected Versions: TinyPHPForum versions 3.6 and earlier

Description: The issue allows remote attackers to list all registered users and possibly obtain other sensitive information due to insufficient access control of the users/[USERNAME].hash and users/[USERNAME].email files stored under the web root.

Recommendations: For TinyPHPForum versions 3.6 and earlier, consider restricting access to the users directory to minimize the risk of exploitation. As a temporary workaround, limit access to the sensitive files users/[USERNAME].hash and users/[USERNAME].email until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.