Lucene search
MitreCVE-2008-6657HistoryApr 07, 2009 - 7:30 p.m.
CVE-2008-6657
2009-04-0719:30:00
CWE-352
mitre
web.nvd.nist.gov
33
csrf
vulnerability
simple machines forum
smf
authentication
admin hijacking
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.007
Percentile
80.5%
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Affected configurations
Node
simple_machinessimple_machines_forumMatch1.0.5
ORsimple_machinessimple_machines_forumMatch1.0.6
ORsimple_machinessimple_machines_forumMatch1.0.7
ORsimple_machinessimple_machines_forumMatch1.0.11
ORsimple_machinessimple_machines_forumMatch1.0.12
ORsimple_machinessimple_machines_forumMatch1.1.1
ORsimple_machinessimple_machines_forumMatch1.1.2
ORsimple_machinessimple_machines_forumMatch1.1.3
ORsimple_machinessimple_machines_forumMatch1.1.4
ORsimple_machinessimple_machines_forumMatch1.1.5
ORsimple_machinessimple_machines_forumMatch1.1.6
ORsimple_machinessimple_machines_forumMatch1.1_rc1
ORsimple_machinessimple_machines_forumMatch1.1_rc2
ORsimple_machinessimple_machines_forumMatch1.1_rc3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simple_machines | simple_machines_forum | 1.0.5 | cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.0.6 | cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.0.7 | cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.0.11 | cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.0.12 | cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.1.1 | cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.1.2 | cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.1.3 | cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.1.4 | cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:* |
| simple_machines | simple_machines_forum | 1.1.5 | cpe:2.3:a:simple_machines:simple_machines_forum:1.1.5:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-6657
2009-04-07 19:00:00
prion
prion
Cross site request forgery (csrf)
2009-04-07 19:30:00
nvd
nvd
CVE-2008-6657
2009-04-07 19:30:00
exploitdb
exploitdb
Simple Machines Forum (SMF) 1.1.6 - Code Execution
2008-11-04 00:00:00
openvas
openvas
Simple Machines Forum Multiple Vulnerabilities
2009-04-23 00:00:00
Simple Machines Forum Multiple Vulnerabilities
2009-04-23 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.007
Percentile
80.5%
Related for CVE-2008-6657