Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-6657
Last Modified 23 Jul 2009 12:00:00
Published 07 Apr 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6657

Summary

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

Vulnerable Systems

Application

  • Simple Machines Forum 1.0.11

  • Simple Machines Forum 1.0.12

  • Simple Machines Forum 1.0.5

  • Simple Machines Forum 1.0.6

  • Simple Machines Forum 1.0.7

  • Simple Machines Forum 1.1 Rc1

  • Simple Machines Forum 1.1 Rc2

  • Simple Machines Forum 1.1 Rc3

  • Simple Machines Forum 1.1.1

  • Simple Machines Forum 1.1.2

  • Simple Machines Forum 1.1.3

  • Simple Machines Forum 1.1.4

  • Simple Machines Forum 1.1.5

  • Simple Machines Forum 1.1.6


References

XF - smf-unspecified-csrf(46343)

CONFIRM - http://www.simplemachines.org/community/index.php?topic=272861.0

BID - 32119

MILW0RM - 6993

SECUNIA - 32516

OSVDB - 50071


Last Updated: 27 May 2016 10:49:16