The host is installed with Simple Machines Forum and is prone to multiple vulnerabilities.

Successful exploitation will allow attackers to obtain access or cause a denial of service or to conduct SQL injection attacks, obtain sensitive information. Impact Level: Application.

Apply the patch or upgrade to version 1.1.13 or 2.0 RC5 http://download.simplemachines.org/ http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip ***** NOTE : Ignore this warning, if above mentioned fix is applied already. *****

Multiple flaws are due to, - An error in 'SSI.php', it does not properly restrict guest access. - An error in loadUserSettings function in 'Load.php', it does not properly handle invalid login attempts. - An error in EditNews function in 'ManageNews.php', which allow users to inject arbitrary web script or HTML via a save_items action. - An error in cleanRequest function in 'QueryString.php' and the constructPageIndex function 'in Subs.php'. - An error in PlushSearch2 function in 'Search.php', allow remote attackers to obtain sensitive information via a search.

Simple Machines Forum (SMF) before 1.1.13 and 2.x before 2.0 RC5

• http://www.openwall.com/lists/oss-security/2011/02/22/17
• http://www.openwall.com/lists/oss-security/2011/03/02/4
• http://www.simplemachines.org/community/index.php?topic=421547.0

---

Updated on 2015-03-25