Vulnerability CVE-2008-6657


Published: 2009-04-07   Modified: 2012-02-12

Description:
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Simple machines -> Simple machines forum

 References:
http://www.milw0rm.com/exploits/6993
http://www.securityfocus.com/bid/32119
http://www.simplemachines.org/community/index.php?topic=272861.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343

Copyright 2024, cxsecurity.com

 
