Summary
This host has Simple Machines Forum (SMF) installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code in the context of the SMF web application to gain administrative privileges, install malicious components into the forum context, or carry out directory traversal attacks.
Impact Level: Application.
Solution
Update Simple Machines Forum to version 1.1.7 or later: http://www.simplemachines.org
Insight
The flaws are due to:
- Missing access control and validation checks on certain HTTP requests, which lets an attacker perform certain administrative commands.
- Missing validation of the 'theme_dir' setting before it is used, which allows arbitrary code execution from local resources.
- Crafted avatars being accepted, which allows code execution.
Affected
Simple Machines Forum version 1.0 to 1.0.14
Simple Machines Forum version 1.1 to 1.1.6
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-6657, CVE-2008-6658, CVE-2008-6659
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P