SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
Vulnerable Product |
---|
simple machines simple machines forum 1.0.11 |
simple machines simple machines forum |
simple machines simple machines forum 1.1 |
simple machines simple machines forum 1.0.5 |
simple machines simple machines forum 1.0.12 |
simple machines simple machines forum 1.1.3 |
simple machines simple machines forum 1.1.1 |
simple machines simple machines forum 1.0.6 |
simple machines simple machines forum 1.0.7 |
simple machines simple machines forum 1.1.2 |
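
The mismatch named in the description, as an added example (not SMF code and not part of the advisory): a byte-wise emulation of PHP's addslashes, plus a check of how many single quotes remain unescaped once the escaped bytes are read in a given character set. The function names and the sample bytes are constructed for illustration.

```python
# Added illustration; inputs are constructed, not taken from SMF.

def addslashes(raw: bytes) -> bytes:
    """Byte-wise emulation of PHP addslashes(): it has no notion of charsets."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C):        # ' " and backslash
            out += bytes([0x5C, b])
        elif b == 0x00:                    # NUL becomes backslash + "0"
            out += b"\\0"
        else:
            out.append(b)
    return bytes(out)


def live_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that are NOT preceded by an escaping backslash
    after the bytes are decoded the way a `charset` connection reads them."""
    text = escaped.decode(charset, errors="replace")
    live, i = 0, 0
    while i < len(text):
        if text[i] == "\\":                # backslash escapes the next character
            i += 2
            continue
        if text[i] == "'":
            live += 1
        i += 1
    return live


def audit(raw: bytes, charsets=("latin-1", "utf-8", "big5")) -> dict:
    """Map each charset to the number of quotes that survive addslashes()."""
    escaped = addslashes(raw)
    return {cs: live_quotes(escaped, cs) for cs in charsets}


# Constructed sample: a Big5 lead byte (0xA5) directly before a quote.
# addslashes() yields A5 5C 27; Big5 reads A5 5C as one two-byte character,
# so the backslash no longer escapes the quote that follows it.
SAMPLE = b"\xa5'"

if __name__ == "__main__":
    for charset, count in audit(SAMPLE).items():
        print(f"{charset:8} unescaped quotes after addslashes: {count}")
```

Escaping that is aware of the connection character set, or parameterized queries, removes the mismatch shown here.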