QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof their IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred over other, more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.
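The trust problem described above, as an added example that is not SMF's code: a resolver that prefers X-Forwarded-For, beside one that uses the socket peer address unless that peer is a known reverse proxy. The function names, the proxy range and all addresses are constructed assumptions.

```python
import ipaddress

# Assumption: the only reverse proxies in front of the forum live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(remote_addr, headers):
    """Pattern the advisory describes: the client-supplied header wins."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Use the socket peer; consult the header only when the peer is our proxy."""
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer):
        return str(peer)  # direct connection: the header is ignored entirely
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    current = peer
    # Each proxy appends the address it saw, so walk right to left and stop
    # at the first hop that was not written by infrastructure we control.
    for hop in reversed([h for h in hops if h]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing further left
        current = addr
        if not _is_trusted(addr):
            break
    return str(current)


if __name__ == "__main__":
    # Constructed requests: (socket peer address, request headers).
    samples = [
        ("198.51.100.7", {"X-Forwarded-For": "203.0.113.9"}),
        ("10.0.0.5", {"X-Forwarded-For": "203.0.113.9, 198.51.100.7"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, naive_client_ip(peer, hdrs), client_ip(peer, hdrs))
```

A ban list keyed on the value returned by `client_ip` cannot be sidestepped by changing the header, because the leftmost entries are never consulted once an untrusted hop is reached.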
Vulnerable Product |
---|
simple machines simple machines forum |