CVE-2006-0104

Name of the Vulnerable Software and Affected Versions: TinyPHPForum versions 3.6 and earlier

Description: The issue allows remote attackers to perform certain actions such as creating a new user account, creating a new topic, or viewing the profile of a user account. This can be achieved by exploiting a directory traversal vulnerability, for example, by using a .. (dot dot) in the uname parameter to the "profile.php" endpoint.

Recommendations: For TinyPHPForum versions 3.6 and earlier, as a temporary workaround, consider restricting access to the "profile.php" endpoint until a patch is available. Avoid using the uname parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.