Thantos

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum versions 1.0.x through 1.0.7 Simple Machines Forum versions 1.1RCx through 1.1RC2 **Description** The issue allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. This is due to the software not properly unsetting variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value. **Recommendations** For Simple Machines Forum versions 1.0.x through 1.0.7, update to version 1.0.8. For Simple Machines Forum versions 1.1RCx through 1.1RC2, update to version 1.1RC3.