Vulnerability CVE-2011-1127


Published: 2011-06-20   Modified: 2012-02-13

Description:
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Simplemachines -> SMF 

 References:
http://www.simplemachines.org/community/index.php?topic=421547.0
http://www.openwall.com/lists/oss-security/2011/03/02/4
http://www.openwall.com/lists/oss-security/2011/02/22/17
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

Copyright 2024, cxsecurity.com

 

Back to Top