9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.5%
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an “invalid SQL syntax error.” Multiple followups support the vendor
CPE | Name | Operator | Version |
---|---|---|---|
simple_machines:simple_machines_forum | simple machines simple machines forum | le | 1.1_rc1 |
archives.neohapsis.com/archives/bugtraq/2005-12/0090.html
www.securityfocus.com/archive/1/419068/100/0/threaded
www.securityfocus.com/archive/1/419105/100/0/threaded
www.securityfocus.com/archive/1/419250/100/0/threaded
www.securityfocus.com/archive/1/419535/100/0/threaded
www.securityfocus.com/bid/15791
exchange.xforce.ibmcloud.com/vulnerabilities/23546