Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 prior to 1.0.15 and 1.1 prior to 1.1.7 allows remote malicious users to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simple machines simple machines forum 1.0.5 |
||
simple machines simple machines forum 1.0.12 |
||
simple machines simple machines forum 1.1.3 |
||
simple machines simple machines forum 1.1.4 |
||
simple machines simple machines forum 1.1_rc1 |
||
simple machines simple machines forum 1.1_rc2 |
||
simple machines simple machines forum 1.1.1 |
||
simple machines simple machines forum 1.0.11 |
||
simple machines simple machines forum 1.1_rc3 |
||
simple machines simple machines forum 1.1.2 |
||
simple machines simple machines forum 1.0.6 |
||
simple machines simple machines forum 1.0.7 |
||
simple machines simple machines forum 1.1.5 |
||
simple machines simple machines forum 1.1.6 |