tinyBB Multiple Input Validation Vulnerabilities

tinyBB is prone to multiple input-validation vulnerabilities. The issues include remote file-include, cross-site scripting, and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, execute remote PHP code in the context of the webserver process, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.


 

Privacy Statement
Copyright 2010, SecurityFocus