Cross site request forgery (csrf)

2011-10-2418:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
smfeq2.0
smfeq2.0 beta1
smfeq2.0 beta3
smfeq2.0 beta4
smfeq2.0 beta2
smfeq2.0 beta3.1
smfeq2.0 beta2.1
smfeq2.0 rc2
smfeq2.0 rc3
smfeq2.0 rc1

Name	Operator	Version
smf	eq	2.0
smf	eq	2.0 beta1
smf	eq	2.0 beta3
smf	eq	2.0 beta4
smf	eq	2.0 beta2
smf	eq	2.0 beta3.1
smf	eq	2.0 beta2.1
smf	eq	2.0 rc2
smf	eq	2.0 rc3
smf	eq	2.0 rc1

Rows per page:

1-10 of 131

References

openwall.com/lists/oss-security/2011/10/09/3

openwall.com/lists/oss-security/2011/10/10/6

secunia.com/advisories/46386

www.simplemachines.org/community/index.php?topic=452888.0