Vulnerabilities > TR Forum
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-06 | CVE-2006-4586 | SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0 The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. | 5.5 |
2006-09-06 | CVE-2006-4585 | SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0 SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. | 9.0 |
2006-09-06 | CVE-2006-4584 | SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0 Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. | 7.5 |