PT-2011-2894 · Simple Machines · Simple Machines Forum

Steven M. Christey

Published: 2011-06-21 · Updated: 2012-12-20 · CVE-2011-1130

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple Machines Forum (SMF) versions prior to 1.1.13
Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5

Description

The issue is related to improper validation of the start parameter, which could allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value. This is related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.

Recommendations

For Simple Machines Forum (SMF) versions prior to 1.1.13, update to version 1.1.13 or later.
For Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

Fix

DoS

RCE


Weakness Enumeration

Related identifiers

CVE-2011-1130

Affected products

Simple Machines Forum