CVE-2008-2769

Name of the Vulnerable Software and Affected Versions Simple Machines phpRaider versions 1.0.6 through 1.0.7

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the pConfig auth[smf path] parameter in the authentication/smf/smf.functions.php file.

Recommendations For versions 1.0.6 and 1.0.7, avoid using the pConfig auth[smf path] parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the smf.functions.php file to minimize the risk of exploitation.