Search criteria
63 vulnerabilities found for simple_machines_forum by simple_machines
FKIE_CVE-2008-6741
Vulnerability from fkie_nvd - Published: 2009-04-21 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | * | |
| simple_machines | simple_machines_forum | 1.0.5 | |
| simple_machines | simple_machines_forum | 1.0.6 | |
| simple_machines | simple_machines_forum | 1.0.7 | |
| simple_machines | simple_machines_forum | 1.0.11 | |
| simple_machines | simple_machines_forum | 1.0.12 | |
| simple_machines | simple_machines_forum | 1.1 | |
| simple_machines | simple_machines_forum | 1.1 | |
| simple_machines | simple_machines_forum | 1.1 | |
| simple_machines | simple_machines_forum | 1.1.1 | |
| simple_machines | simple_machines_forum | 1.1.2 | |
| simple_machines | simple_machines_forum | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF60548-26B3-4213-BC8A-D8CD0D4B76C7",
"versionEndIncluding": "1.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "549FC613-BB72-42FD-AD04-0FAC2FC2A942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1063E88-7F6D-4E42-B196-7292320C4F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6A0089-3041-45E4-A1BB-F35A9039A12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E336DF9F-8978-44FD-9C1D-86F2C0E3AE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8053CE57-37BF-4468-AD24-ECB1356779AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B3A7489D-17BA-4F95-BF8E-440C73A91E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D396FF37-AC26-47E3-B5FB-E6A792494B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "638DD0BD-6DE4-421A-93A5-642BBB6AE1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C381B85E-5A0F-4E32-A729-AB1E4A44A8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9DEB09-1A83-4AE0-B357-249E8C1F7988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a \"\\\" (backslash) sequence that does not quote the \"\u0027\" (single quote) character, as demonstrated via a manlabels action to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Load.php en Simple Machines Forum (SMF) v1.1.4 y anteriores permite a atacantes remotos ejecutar comandos SQL de forma arbitraria mediante el ajuste de el par\u00e1metro \"db_character_set\" a caracteres multibyte tal como big5, lo que produce que la funci\u00f3n de PHP \"addslashes\" produzca una secuencia \"\\\" (barra invertida) no la comilla \"\u0027\" (comilla simple), como se demostr\u00f3 a trav\u00e9s de la acci\u00f3n \"manlabels\" en index.php."
}
],
"id": "CVE-2008-6741",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-21T18:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29734"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5826"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6659
Vulnerability from fkie_nvd - Published: 2009-04-07 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.0.5 | |
| simple_machines | simple_machines_forum | 1.0.6 | |
| simple_machines | simple_machines_forum | 1.0.7 | |
| simple_machines | simple_machines_forum | 1.0.11 | |
| simple_machines | simple_machines_forum | 1.0.12 | |
| simple_machines | simple_machines_forum | 1.1.1 | |
| simple_machines | simple_machines_forum | 1.1.2 | |
| simple_machines | simple_machines_forum | 1.1.3 | |
| simple_machines | simple_machines_forum | 1.1.4 | |
| simple_machines | simple_machines_forum | 1.1.5 | |
| simple_machines | simple_machines_forum | 1.1.6 | |
| simple_machines | simple_machines_forum | 1.1_rc1 | |
| simple_machines | simple_machines_forum | 1.1_rc2 | |
| simple_machines | simple_machines_forum | 1.1_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "549FC613-BB72-42FD-AD04-0FAC2FC2A942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1063E88-7F6D-4E42-B196-7292320C4F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6A0089-3041-45E4-A1BB-F35A9039A12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E336DF9F-8978-44FD-9C1D-86F2C0E3AE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8053CE57-37BF-4468-AD24-ECB1356779AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C381B85E-5A0F-4E32-A729-AB1E4A44A8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9DEB09-1A83-4AE0-B357-249E8C1F7988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "449E930B-AB74-4B64-AC0A-C04A13C828B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D869E1D5-8E27-4A13-9FD7-8189B3AC9AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "44A73B71-B2AC-470D-A03C-BED3AAD81C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF69D49-AE48-4195-B958-A5D81AABD824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA54F25-0EF9-40B1-A9B6-77F15DD27A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE14DC75-497A-4794-9260-E2A1291C9C6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en index.php en Simple Machines Forum (SMF) v1.0 anterior a la v1.0.15 y v1.1 anterior a la v1.1.7 permite a usuarios remotos autenticados configurar ficheros locales de forma arbitraria a trav\u00e9s de secuencias de salto de directorio en el valor de theme_dir field durante una acci\u00f3n jsoption, relacionada con Sources/QueryString.php y Sources/Themes.php, como se demostr\u00f3 mediante un fichero .gif en attachments/con c\u00f3digo PHP que fue subido a trav\u00e9s de la acci\u00f3n profile2 en index.php."
}
],
"id": "CVE-2008-6659",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-07T19:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50072"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32516"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6657
Vulnerability from fkie_nvd - Published: 2009-04-07 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.0.5 | |
| simple_machines | simple_machines_forum | 1.0.6 | |
| simple_machines | simple_machines_forum | 1.0.7 | |
| simple_machines | simple_machines_forum | 1.0.11 | |
| simple_machines | simple_machines_forum | 1.0.12 | |
| simple_machines | simple_machines_forum | 1.1.1 | |
| simple_machines | simple_machines_forum | 1.1.2 | |
| simple_machines | simple_machines_forum | 1.1.3 | |
| simple_machines | simple_machines_forum | 1.1.4 | |
| simple_machines | simple_machines_forum | 1.1.5 | |
| simple_machines | simple_machines_forum | 1.1.6 | |
| simple_machines | simple_machines_forum | 1.1_rc1 | |
| simple_machines | simple_machines_forum | 1.1_rc2 | |
| simple_machines | simple_machines_forum | 1.1_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "549FC613-BB72-42FD-AD04-0FAC2FC2A942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1063E88-7F6D-4E42-B196-7292320C4F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6A0089-3041-45E4-A1BB-F35A9039A12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E336DF9F-8978-44FD-9C1D-86F2C0E3AE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8053CE57-37BF-4468-AD24-ECB1356779AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C381B85E-5A0F-4E32-A729-AB1E4A44A8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9DEB09-1A83-4AE0-B357-249E8C1F7988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "449E930B-AB74-4B64-AC0A-C04A13C828B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D869E1D5-8E27-4A13-9FD7-8189B3AC9AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "44A73B71-B2AC-470D-A03C-BED3AAD81C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF69D49-AE48-4195-B958-A5D81AABD824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA54F25-0EF9-40B1-A9B6-77F15DD27A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE14DC75-497A-4794-9260-E2A1291C9C6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en index.php en Simple Machines Forum (SMF) v1.0 anteriores a v1.0.15 y v1.1 anteriores a v1.1.7 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para realizar peticiones para instalar paquetes a trav\u00e9s del par\u00e1metro \"package\" en una acci\u00f3n install2."
}
],
"id": "CVE-2008-6657",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-07T19:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50071"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32516"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6658
Vulnerability from fkie_nvd - Published: 2009-04-07 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.0.5 | |
| simple_machines | simple_machines_forum | 1.0.6 | |
| simple_machines | simple_machines_forum | 1.0.7 | |
| simple_machines | simple_machines_forum | 1.0.11 | |
| simple_machines | simple_machines_forum | 1.0.12 | |
| simple_machines | simple_machines_forum | 1.1.1 | |
| simple_machines | simple_machines_forum | 1.1.2 | |
| simple_machines | simple_machines_forum | 1.1.3 | |
| simple_machines | simple_machines_forum | 1.1.4 | |
| simple_machines | simple_machines_forum | 1.1.5 | |
| simple_machines | simple_machines_forum | 1.1.6 | |
| simple_machines | simple_machines_forum | 1.1_rc1 | |
| simple_machines | simple_machines_forum | 1.1_rc2 | |
| simple_machines | simple_machines_forum | 1.1_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "549FC613-BB72-42FD-AD04-0FAC2FC2A942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1063E88-7F6D-4E42-B196-7292320C4F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6A0089-3041-45E4-A1BB-F35A9039A12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E336DF9F-8978-44FD-9C1D-86F2C0E3AE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8053CE57-37BF-4468-AD24-ECB1356779AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C381B85E-5A0F-4E32-A729-AB1E4A44A8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9DEB09-1A83-4AE0-B357-249E8C1F7988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "449E930B-AB74-4B64-AC0A-C04A13C828B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D869E1D5-8E27-4A13-9FD7-8189B3AC9AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "44A73B71-B2AC-470D-A03C-BED3AAD81C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF69D49-AE48-4195-B958-A5D81AABD824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA54F25-0EF9-40B1-A9B6-77F15DD27A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE14DC75-497A-4794-9260-E2A1291C9C6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en index.php de Simple Machines Forum (SMF) v1.0 anterior a v1.0.15 y v1.1 anterior a v1.1.7, permite a administradores autenticados en remoto instalar paquetes desde directorios de su elecci\u00f3n a trav\u00e9s de un .. (punto punto) en el par\u00e1metro paquete en una acci\u00f3n install2, tal y como se ha demostrado por un nombre de fichero de paquete predecible en attachments/ que fue subido durante una acci\u00f3n post2 en index.php."
}
],
"id": "CVE-2008-6658",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-07T19:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6544
Vulnerability from fkie_nvd - Published: 2009-03-30 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "449E930B-AB74-4B64-AC0A-C04A13C828B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request"
},
{
"lang": "es",
"value": "** DISPUTADA ** M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de ficheros PHP en Simple Machines Forum (SMF) v1.1.4, permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en los par\u00e1metros (1) settings[default_theme_dir] a Sources/Subs-Graphics.php y (2) settings[default_theme_dir] a Sources/Themes.php. NOTA: CVE y varios terceros discuten esta cuesti\u00f3n porque los archivos contienen un mecanismo de protecci\u00f3n contra las peticiones directas."
}
],
"id": "CVE-2008-6544",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-30T01:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51301"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28493"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3072
Vulnerability from fkie_nvd - Published: 2008-07-08 18:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | * | |
| simple_machines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E2DE6F-5256-404C-88A0-9EB9A1B7586C",
"versionEndIncluding": "1.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF60548-26B3-4213-BC8A-D8CD0D4B76C7",
"versionEndIncluding": "1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Aplicaci\u00f3n Simple Machines Forum (SMF) 1.1.x anterior a v1.1.5 y v1.0.x anterior a v1.0.13, cuando es ejecutada sobre PHP anterior a 4.2.0, no inicializa adecuadamente el generador de n\u00fameros aleatorios, que posee un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2008-3072",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30955"
},
{
"source": "cve@mitre.org",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3073
Vulnerability from fkie_nvd - Published: 2008-07-08 18:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | * | |
| simple_machines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E2DE6F-5256-404C-88A0-9EB9A1B7586C",
"versionEndIncluding": "1.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF60548-26B3-4213-BC8A-D8CD0D4B76C7",
"versionEndIncluding": "1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to \"use of the html-tag.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Simple Machines Forum (SMF) 1.1.x anterior a 1.1.5 y 1.0.x anterior a 1.0.13, tiene un impacto y vectores de ataque desconocidos, puede que sea una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), relacionado con el \"uso del html-tag\"."
}
],
"id": "CVE-2008-3073",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30955"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30108"
},
{
"source": "cve@mitre.org",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5943
Vulnerability from fkie_nvd - Published: 2007-11-14 01:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "449E930B-AB74-4B64-AC0A-C04A13C828B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF) 1.1.4 permite a atacantes remotos leer un mensaje en un foro privado utilizando el m\u00e9todo avanzado de b\u00fasqueda con la opci\u00f3n \"mostrar resultado como mensajes\", en busca de posibles palabras clave que figura en el mensaje."
}
],
"id": "CVE-2007-5943",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-14T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5646
Vulnerability from fkie_nvd - Published: 2007-10-23 21:47 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.0.11 | |
| simple_machines | simple_machines_forum | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E336DF9F-8978-44FD-9C1D-86F2C0E3AE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Sources/Search.php en Simple Machines Forum (SMF) 1.1.3, cuando MySQL 5 se est\u00e1 utilizando, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro userspec en un una acci\u00f3n search2 en index.php."
}
],
"id": "CVE-2007-5646",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-23T21:47:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27346"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3284"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4547"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3942
Vulnerability from fkie_nvd - Published: 2007-07-21 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA0C02-402C-4E96-AADB-B0A1C397B982",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use"
},
{
"lang": "es",
"value": "** IMPUGNADO ** Vulnerabilidad de salto de directorio en index.php de Simple Machines Forum (SMF) 1.1.3 permite a atacantes remotos incluir ficheros locales mediante vectores no especificados relativos al par\u00e1metro sourcedir o la tabla hash actionArray.\r\nNOTA: CVE y m\u00faltiples terceras partes impugnan esta vulnerabilidad porque ambos sourcedir y actionArray se definen antes de ser usados."
}
],
"id": "CVE-2007-3942",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-21T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-6741 (GCVE-0-2008-6741)
Vulnerability from cvelistv5 – Published: 2009-04-21 18:07 – Updated: 2024-08-07 11:42
VLAI?
Summary
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "smf-load-sql-injection(43118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a \"\\\" (backslash) sequence that does not quote the \"\u0027\" (single quote) character, as demonstrated via a manlabels action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "smf-load-sql-injection(43118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a \"\\\" (backslash) sequence that does not quote the \"\u0027\" (single quote) character, as demonstrated via a manlabels action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smf-load-sql-injection(43118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6741",
"datePublished": "2009-04-21T18:07:00",
"dateReserved": "2009-04-21T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6659 (GCVE-0-2008-6659)
Vulnerability from cvelistv5 – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32516"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"refsource": "OSVDB",
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6659",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6657 (GCVE-0-2008-6657)
Vulnerability from cvelistv5 – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50071"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32516"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"refsource": "OSVDB",
"url": "http://osvdb.org/50071"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6657",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6658 (GCVE-0-2008-6658)
Vulnerability from cvelistv5 – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50070",
"refsource": "OSVDB",
"url": "http://osvdb.org/50070"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6658",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6544 (GCVE-0-2008-6544)
Vulnerability from cvelistv5 – Published: 2009-03-30 01:00 – Updated: 2024-08-07 11:34 Disputed
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51301"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"refsource": "OSVDB",
"url": "http://osvdb.org/51301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6544",
"datePublished": "2009-03-30T01:00:00",
"dateReserved": "2009-03-29T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3073 (GCVE-0-2008-3073)
Vulnerability from cvelistv5 – Published: 2008-07-08 18:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to \"use of the html-tag.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to \"use of the html-tag.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30955"
},
{
"name": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3073",
"datePublished": "2008-07-08T18:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3072 (GCVE-0-2008-3072)
Vulnerability from cvelistv5 – Published: 2008-07-08 18:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-27T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30955"
},
{
"name": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3072",
"datePublished": "2008-07-08T18:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5943 (GCVE-0-2007-5943)
Vulnerability from cvelistv5 – Published: 2007-11-14 01:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5943",
"datePublished": "2007-11-14T01:00:00",
"dateReserved": "2007-11-13T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5646 (GCVE-0-2007-5646)
Vulnerability from cvelistv5 – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3284",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3284",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3284",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26144"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=196380.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5646",
"datePublished": "2007-10-23T21:00:00",
"dateReserved": "2007-10-23T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3942 (GCVE-0-2007-3942)
Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37 Disputed
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "smf-sourcedir-file-include(35451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "smf-sourcedir-file-include(35451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smf-sourcedir-file-include(35451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3942",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6741 (GCVE-0-2008-6741)
Vulnerability from nvd – Published: 2009-04-21 18:07 – Updated: 2024-08-07 11:42
VLAI?
Summary
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "smf-load-sql-injection(43118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a \"\\\" (backslash) sequence that does not quote the \"\u0027\" (single quote) character, as demonstrated via a manlabels action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "smf-load-sql-injection(43118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a \"\\\" (backslash) sequence that does not quote the \"\u0027\" (single quote) character, as demonstrated via a manlabels action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smf-load-sql-injection(43118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43118"
},
{
"name": "5826",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5826"
},
{
"name": "29734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6741",
"datePublished": "2009-04-21T18:07:00",
"dateReserved": "2009-04-21T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6659 (GCVE-0-2008-6659)
Vulnerability from nvd – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32139"
},
{
"name": "32516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32516"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "50072",
"refsource": "OSVDB",
"url": "http://osvdb.org/50072"
},
{
"name": "7011",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6659",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6657 (GCVE-0-2008-6657)
Vulnerability from nvd – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50071"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32119"
},
{
"name": "32516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32516"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6993"
},
{
"name": "smf-unspecified-csrf(46343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46343"
},
{
"name": "50071",
"refsource": "OSVDB",
"url": "http://osvdb.org/50071"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6657",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6658 (GCVE-0-2008-6658)
Vulnerability from nvd – Published: 2009-04-07 19:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50070",
"refsource": "OSVDB",
"url": "http://osvdb.org/50070"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=272861.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=272861.0"
},
{
"name": "6993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6658",
"datePublished": "2009-04-07T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6544 (GCVE-0-2008-6544)
Vulnerability from nvd – Published: 2009-03-30 01:00 – Updated: 2024-08-07 11:34 Disputed
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51301"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"refsource": "OSVDB",
"url": "http://osvdb.org/51301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6544",
"datePublished": "2009-03-30T01:00:00",
"dateReserved": "2009-03-29T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3073 (GCVE-0-2008-3073)
Vulnerability from nvd – Published: 2008-07-08 18:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to \"use of the html-tag.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to \"use of the html-tag.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30955"
},
{
"name": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
},
{
"name": "30108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3073",
"datePublished": "2008-07-08T18:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3072 (GCVE-0-2008-3072)
Vulnerability from nvd – Published: 2008-07-08 18:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-27T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30955"
},
{
"name": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3\u0026topic=236816.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3072",
"datePublished": "2008-07-08T18:00:00",
"dateReserved": "2008-07-08T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5943 (GCVE-0-2007-5943)
Vulnerability from nvd – Published: 2007-11-14 01:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5943",
"datePublished": "2007-11-14T01:00:00",
"dateReserved": "2007-11-13T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5646 (GCVE-0-2007-5646)
Vulnerability from nvd – Published: 2007-10-23 21:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3284",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3284",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3284",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3284"
},
{
"name": "20071020 Simple Machines Forum multiple sql injection flaws with exploit code.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482569/100/0/threaded"
},
{
"name": "4547",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4547"
},
{
"name": "simplemachinesforum-smfmembers-sql-injection(37342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37342"
},
{
"name": "26144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26144"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=196380.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=196380.0"
},
{
"name": "ADV-2007-3568",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3568"
},
{
"name": "27346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5646",
"datePublished": "2007-10-23T21:00:00",
"dateReserved": "2007-10-23T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3942 (GCVE-0-2007-3942)
Vulnerability from nvd – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37 Disputed
VLAI?
Summary
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "smf-sourcedir-file-include(35451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "smf-sourcedir-file-include(35451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smf-sourcedir-file-include(35451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35451"
},
{
"name": "20070717 LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473866/100/0/threaded"
},
{
"name": "20070925 Re: LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480572/100/0/threaded"
},
{
"name": "20070718 Re: LFI On SMF 1.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473991/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3942",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}