CVE-2007-5646

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) version 1.1.3

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the Sources/Search.php file when MySQL 5 is used. The vulnerability can be triggered via the userspec parameter in a search2 action to "index.php".

Recommendations For Simple Machines Forum (SMF) version 1.1.3, avoid using the userspec parameter in the search2 action to "index.php" until a fix is available. Consider restricting access to the search functionality to minimize the risk of exploitation.