CSRF Vulnerability in Simple Machines Forum Software
CVE-2011-4173

Currently unrated

Key Information:

Vendor: Simplemachines
Status: Smf
Vendor: CVE Published:; 24 October 2011

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2011-4173?

The vulnerability identified in Simple Machines Forum 2.x prior to version 2.0.1 allows remote attackers to potentially hijack the administrative or moderator authentication through crafted image files. This exploit demonstrates a lack of anti-CSRF protections, enabling attackers to perform unauthorized actions on behalf of valid users. It is crucial for administrators to update to the latest version to mitigate this risk and enhance the overall security posture of their forums.

References

http://secunia.com/advisories/46386

third-party-advisoryx_refsource_SECUNIA

http://openwall.com/lists/oss-security/2011/10/10/6

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/10/09/3

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2011