This host has Simple Machines Forum installed which is prone to multiple vulnerabilities.

Successful exploitation will let the attacker execute malicious arbitrary codes in the context of the SMF web application to gain administrative privileges, install malicious components into the forum context or can cause directory traversal attacks also. Impact Level: Application.

Update your Simple Machines Forum version to 1.1.7 or later http://www.simplemachines.org

Multiple flaws are due to - Lack of access control and validation check while performing certain HTTP requests which lets the attacker perform certain administrative commands. - Lack of validation check for the 'theme_dir' settings before being used which causes arbitrary code execution from local resources. - Crafted avatars are being allowed for code execution.

Simple Machines Forum version 1.0 to 1.0.14 Simple Machines Forum version 1.1 to 1.1.6

• http://secunia.com/advisories/32516
• http://xforce.iss.net/xforce/xfdb/46343

---

Updated on 2017-03-28