The host is installed with Simple Machines Forum and is prone to SQL Injection Vulnerability.

Successful exploitation will allow attackers to execute arbitrary code, and can view, add, modify or delete information in the back-end database. Impact Level: System/Application.

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one For updates refer to http://www.simplemachines.org/

Error exists while sending an specially crafted SQL statements into load.php when setting the db_character_set parameter to a multibyte character which causes the addslashes PHP function to generate a \(backslash) sequence that does not quote the '(single quote) character, as demonstrated via a manlabels action to index.php.

Simple Machines Forum 1.1.4 and prior

• http://xforce.iss.net/xforce/xfdb/43118

---

Updated on 2017-03-28