SQL Injection in Simplemachines Smf
CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of t…
Vulnerability class: SQL Injection
EPSS: 0.011 (62.9th percentile) — read the EPSS interpretation.
Affected products
- Simplemachines Smf — versions 1.0, 1.0.1, 1.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)