Lumension® Endpoint Intelligence Center


Vulnerability Score 7.5
CVE Id CVE-2005-4159
Last Modified 05 Sep 2008 04:56:12
Published 11 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



** DISPUTED ** NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor.

Vulnerable Systems


  • Simple Machines Forum 1.1 Rc1


XF - smf-memberlist-sql-injection(23546)

BID - 15791

BUGTRAQ - 20051213 Re: Re: Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051211 Re: Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051210 Re: [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051209 [KAPDA::#16] - SMF SQL Injection

BUGTRAQ - 20051209 SMF SQL Injection

Last Updated: 27 May 2016 10:41:12