Description
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hessam-x · perlwebappsphp
https://www.exploit-db.com/exploits/1857
Scores
EPSS
0.0624
EPSS Percentile
90.9%
Details
Status
published
Products (1)
tinyphpforum/tinyphpforum
< 3.6
Published
Feb 24, 2007
Tracked Since
Feb 18, 2026