Sql injection

2011-10-2417:55:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
smfeq1.0.13
smfeq1.1.2
smfeq1.0.8
smfeq1.1 rc1
smfeq1.0 beta4.1
smfeq1.0.1
smfeq1.0.19
smfeq1.0.7
smfeq1.0.9
smfeq1.0.10

Name	Operator	Version
smf	eq	1.0.13
smf	eq	1.1.2
smf	eq	1.0.8
smf	eq	1.1 rc1
smf	eq	1.0 beta4.1
smf	eq	1.0.1
smf	eq	1.0.19
smf	eq	1.0.7
smf	eq	1.0.9
smf	eq	1.0.10

Rows per page:

1-10 of 621

References

openwall.com/lists/oss-security/2011/10/09/3

openwall.com/lists/oss-security/2011/10/10/6

secunia.com/advisories/46386

www.simplemachines.org/community/index.php?topic=452888.0

exchange.xforce.ibmcloud.com/vulnerabilities/70617