Summary
TinyPHPForum is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability because it fails to sufficiently sanitize user-supplied input data. A remote attacker can exploit this issue to perform administrative functions without requiring authentication or obtain sensitive information that could aid in further attacks.
TinyPHPForum 3.6 and 3.6.1 are vulnerable
References
Updated on 2015-03-25