VYPR

Tr Forum

by Tr Forum

CVEs (4)

  • CVE-2008-5265Nov 28, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.

  • CVE-2006-4584Sep 6, 2006
    risk 0.03cvss epss 0.05

    Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.

  • CVE-2006-4586Sep 6, 2006
    risk 0.03cvss epss 0.03

    The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password…

  • CVE-2006-4585Sep 6, 2006
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.