User Impersonation Vulnerability in Simple Machines Forum Software
CVE-2013-7235

Currently unrated

Key Information:

Vendor: Simplemachines
Status: Simple Machines Forum
Vendor: CVE Published:; 29 April 2014

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2013-7235?

A vulnerability in Simple Machines Forum (SMF) allows remote attackers to impersonate arbitrary users. This occurs due to improper handling of multiple space characters, which can be exploited to manipulate session identifiers. Consequently, an attacker can gain unauthorized access and perform actions on behalf of legitimate users, compromising the integrity and security of the forum.

References

http://www.openwall.com/lists/oss-security/2013/12/30/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2013/12/30/3

mailing-listx_refsource_MLIST

http://seclists.org/fulldisclosure/2013/Dec/83

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2014
Vulnerability Reserved
Dec 29, 2013