SQL Injection Vulnerability in Simple Machines Forum by Simple Machines
CVE-2011-1130
Currently unrated
What is CVE-2011-1130?
Simple Machines Forum versions prior to 1.1.13, and 2.x before 2.0 RC5, do not properly validate the start parameter. Remote attackers may be able to exploit this flaw to conduct SQL injection attacks, potentially resulting in unauthorized access to sensitive data or a denial of service. The vulnerability is related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. Systems running the affected versions need prompt remediation.