Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1131

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1131
Last Modified 28 Jun 2011 12:00:00
Published 20 Jun 2011 10:52:42
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1131

Summary

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.

Vulnerable Systems

Application

  • Simplemachines Smf 1.0

  • Simplemachines Smf 1.0.1

  • Simplemachines Smf 1.0.10

  • Simplemachines Smf 1.0.12

  • Simplemachines Smf 1.0.13

  • Simplemachines Smf 1.0.14

  • Simplemachines Smf 1.0.15

  • Simplemachines Smf 1.0.16

  • Simplemachines Smf 1.0.17

  • Simplemachines Smf 1.0.18

  • Simplemachines Smf 1.0.19

  • Simplemachines Smf 1.0.2

  • Simplemachines Smf 1.0.20

  • Simplemachines Smf 1.0.21

  • Simplemachines Smf 1.0.3

  • Simplemachines Smf 1.0.4

  • Simplemachines Smf 1.0.5

  • Simplemachines Smf 1.0.6

  • Simplemachines Smf 1.0.7

  • Simplemachines Smf 1.0.8

  • Simplemachines Smf 1.0.9

  • Simplemachines Smf 1.1

  • Simplemachines Smf 1.1.1

  • Simplemachines Smf 1.1.10

  • Simplemachines Smf 1.1.11

  • Simplemachines Smf 1.1.12

  • Simplemachines Smf 1.1.2

  • Simplemachines Smf 1.1.3

  • Simplemachines Smf 1.1.4

  • Simplemachines Smf 1.1.5

  • Simplemachines Smf 1.1.6

  • Simplemachines Smf 1.1.7

  • Simplemachines Smf 1.1.8

  • Simplemachines Smf 1.1.9

  • Simplemachines Smf 2.0


References

CONFIRM - http://www.simplemachines.org/community/index.php?topic=421547.0

MLIST - [oss-security] 20110302 Re: CVE request: simple machines forum before 1.1.13

MLIST - [oss-security] 20110222 CVE request: simple machines forum before 1.1.13

CONFIRM - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip


Last Updated: 27 May 2016 10:56:11