PT-2009-2127 · Simple Machines · Simple Machines Forum

Alessandro Tagliapietra · Published 2009-04-07 · Updated 2017-09-29 · CVE-2008-6657

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple Machines Forum (SMF) versions 1.0 through 1.0.14
Simple Machines Forum (SMF) versions 1.1 through 1.1.6

Description

A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action. This occurs due to insufficient validation of requests, enabling attackers to perform unauthorized actions.

Recommendations

For Simple Machines Forum (SMF) versions 1.0 through 1.0.14, update to version 1.0.15 or later.
For Simple Machines Forum (SMF) versions 1.1 through 1.1.6, update to version 1.1.7 or later.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2008-6657

Affected Products

Simple Machines Forum