VULHUB ™

A problem with ttCMS/ttForum could make it possible for a remote user launch SQL injection attacks. It has been reported that a problem exists in the Profile.php script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums. This vulnerability may be exploited to reset or change the password of a user. There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.

A problem with ttCMS/ttForum could make it possible for a remote user launch SQL injection attacks. It has been reported that a problem exists in the Profile.php script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums. This vulnerability may be exploited to reset or change the password of a user. There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.