Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.5
CVE Id CVE-2008-6659
Last Modified 23 Jul 2009 12:00:00
Published 07 Apr 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6659

Summary

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.

Vulnerable Systems

Application

  • Simple Machines Forum 1.0.11

  • Simple Machines Forum 1.0.12

  • Simple Machines Forum 1.0.5

  • Simple Machines Forum 1.0.6

  • Simple Machines Forum 1.0.7

  • Simple Machines Forum 1.1 Rc1

  • Simple Machines Forum 1.1 Rc2

  • Simple Machines Forum 1.1 Rc3

  • Simple Machines Forum 1.1.1

  • Simple Machines Forum 1.1.2

  • Simple Machines Forum 1.1.3

  • Simple Machines Forum 1.1.4

  • Simple Machines Forum 1.1.5

  • Simple Machines Forum 1.1.6


References

CONFIRM - http://www.simplemachines.org/community/index.php?topic=272861.0

BID - 32139

MILW0RM - 7011

SECUNIA - 32516

OSVDB - 50072


Last Updated: 27 May 2016 10:49:16