Tr Forum : Security Vulnerabilities, CVEs, CVSS score >= 2

CVE-2006-4586

The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
Max CVSS
5.5
EPSS Score
0.42%
Published
2006-09-06
Updated
2018-10-17

CVE-2006-4585

SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
Max CVSS
9.0
EPSS Score
0.63%
Published
2006-09-06
Updated
2018-10-17

CVE-2006-4584

Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
Max CVSS
7.5
EPSS Score
11.54%
Published
2006-09-06
Updated
2018-10-17
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close