Improper input validation in Simplemachines Smf
CVE-2011-1130
Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of serv…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.011 (61.3th percentile) — read the EPSS interpretation.
Affected products
- Simplemachines Smf — versions 1.0, 1.0.1, 1.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (mailing-list, x_refsource_MLIST, Patch)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (mailing-list, x_refsource_MLIST, Patch)
- cve@mitre.org (x_refsource_CONFIRM, Patch)