Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2011-3615
Last Modified 12 Mar 2012 12:00:00
Published 24 Oct 2011 01:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3615

Summary

Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Simplemachines Smf 1.0

  • Simplemachines Smf 1.0.1

  • Simplemachines Smf 1.0.10

  • Simplemachines Smf 1.0.12

  • Simplemachines Smf 1.0.13

  • Simplemachines Smf 1.0.14

  • Simplemachines Smf 1.0.15

  • Simplemachines Smf 1.0.16

  • Simplemachines Smf 1.0.17

  • Simplemachines Smf 1.0.18

  • Simplemachines Smf 1.0.19

  • Simplemachines Smf 1.0.2

  • Simplemachines Smf 1.0.20

  • Simplemachines Smf 1.0.21

  • Simplemachines Smf 1.0.3

  • Simplemachines Smf 1.0.4

  • Simplemachines Smf 1.0.5

  • Simplemachines Smf 1.0.6

  • Simplemachines Smf 1.0.7

  • Simplemachines Smf 1.0.8

  • Simplemachines Smf 1.0.9

  • Simplemachines Smf 1.1

  • Simplemachines Smf 1.1.1

  • Simplemachines Smf 1.1.10

  • Simplemachines Smf 1.1.11

  • Simplemachines Smf 1.1.12

  • Simplemachines Smf 1.1.13

  • Simplemachines Smf 1.1.14

  • Simplemachines Smf 1.1.2

  • Simplemachines Smf 1.1.3

  • Simplemachines Smf 1.1.4

  • Simplemachines Smf 1.1.5

  • Simplemachines Smf 1.1.6

  • Simplemachines Smf 1.1.7

  • Simplemachines Smf 1.1.8

  • Simplemachines Smf 1.1.9

  • Simplemachines Smf 2.0


References

XF - simplemachines-spoofing-unspecified(70617)

CONFIRM - http://www.simplemachines.org/community/index.php?topic=452888.0

SECUNIA - 46386

MLIST - [oss-security] 20111010 Re: CVE request: simple machines forum before 2.0.1 and 1.1.15

MLIST - [oss-security] 20111009 CVE request: simple machines forum before 2.0.1 and 1.1.15


Last Updated: 27 May 2016 10:57:44