SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote malicious users to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simple machines simple machines forum 1.0.11 |
||
simple machines simple machines forum 1.1.3 |