SQL Injection Vulnerability in Simple Machines Forum by Simple Machines
CVE-2006-4564

Currently unrated

Key Information:

Vendor: Simplemachines
Status: Smf
Vendor: CVE Published:; 6 September 2006

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2006-4564?

A SQL injection vulnerability exists in the Sources/ManageBoards.php script of Simple Machines Forum version 1.1 RC3. This flaw allows remote attackers to craft malicious requests that exploit the cur_cat parameter, enabling them to execute arbitrary SQL commands on the database. Successful exploitation could lead to unauthorized access or manipulation of sensitive data, compromising the integrity and security of the forum.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28716

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2006-09/00...

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/21740

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2006
Vulnerability Reserved
Sep 5, 2006