Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1127

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-1127
Last Modified 29 Jun 2011 12:00:00
Published 20 Jun 2011 10:52:42
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1127

Summary

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.

Vulnerable Systems

Application

  • Simplemachines Smf 1.0

  • Simplemachines Smf 1.0.1

  • Simplemachines Smf 1.0.10

  • Simplemachines Smf 1.0.12

  • Simplemachines Smf 1.0.13

  • Simplemachines Smf 1.0.14

  • Simplemachines Smf 1.0.15

  • Simplemachines Smf 1.0.16

  • Simplemachines Smf 1.0.17

  • Simplemachines Smf 1.0.18

  • Simplemachines Smf 1.0.19

  • Simplemachines Smf 1.0.2

  • Simplemachines Smf 1.0.20

  • Simplemachines Smf 1.0.21

  • Simplemachines Smf 1.0.3

  • Simplemachines Smf 1.0.4

  • Simplemachines Smf 1.0.5

  • Simplemachines Smf 1.0.6

  • Simplemachines Smf 1.0.7

  • Simplemachines Smf 1.0.8

  • Simplemachines Smf 1.0.9

  • Simplemachines Smf 1.1

  • Simplemachines Smf 1.1.1

  • Simplemachines Smf 1.1.10

  • Simplemachines Smf 1.1.11

  • Simplemachines Smf 1.1.12

  • Simplemachines Smf 1.1.2

  • Simplemachines Smf 1.1.3

  • Simplemachines Smf 1.1.4

  • Simplemachines Smf 1.1.5

  • Simplemachines Smf 1.1.6

  • Simplemachines Smf 1.1.7

  • Simplemachines Smf 1.1.8

  • Simplemachines Smf 1.1.9

  • Simplemachines Smf 2.0


References

CONFIRM - http://www.simplemachines.org/community/index.php?topic=421547.0

MLIST - [oss-security] 20110302 Re: CVE request: simple machines forum before 1.1.13

MLIST - [oss-security] 20110222 CVE request: simple machines forum before 1.1.13

CONFIRM - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip


Last Updated: 27 May 2016 10:56:11