SQL Injection Vulnerabilities in Simple Machines Forum Products
CVE-2011-3615

Currently unrated

Key Information:

Vendor: Simplemachines
Status: Smf
Vendor: CVE Published:; 24 October 2011

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2011-3615?

Multiple SQL injection vulnerabilities exist in Simple Machines Forum (SMF) versions prior to 1.1.15 and 2.0.1, enabling remote attackers to execute arbitrary SQL commands. The vulnerabilities arise from inadequate sanitization of user inputs tied to HTML entities and display names, potentially leading to unauthorized access and data manipulation. It is crucial for users of affected versions to apply the relevant patches and updates to mitigate these security risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/70617

vdb-entryx_refsource_XF

http://secunia.com/advisories/46386

third-party-advisoryx_refsource_SECUNIA

http://openwall.com/lists/oss-security/2011/10/10/6

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2011
Vulnerability Reserved
Sep 21, 2011