PT-2019-7015 · Simple Machines · Simple Machines Forum
Haunt It · Published 2019-03-07 · Updated 2019-03-12
CVE-2013-7466
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Simple Machines Forum (SMF) version 2.0.4
Description
The issue allows for local file inclusion, which can result in remote code execution. This is achieved through directory traversal in the db type parameter of the install.php file. The vulnerability is exploitable if the install.php file remains present after the installation process.
Recommendations
For version 2.0.4, remove or restrict access to the install.php file to prevent exploitation. As a temporary workaround, consider restricting the db type parameter in the install.php file until a patch is available.
Exploit
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Simple Machines Forum
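
The recommendation above is to remove or restrict install.php. The following added example (not part of the original advisory or of SMF's code) scans web-server access logs for requests that still reach the installer and flags traversal sequences in the db type parameter. The log lines are constructed, and the query-string spelling `db_type` is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:10:00:01 +0000] "GET /forum/index.php?topic=1 HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2019:10:00:05 +0000] "GET /forum/install.php HTTP/1.1" 200 2048
203.0.113.4 - - [12/Mar/2019:10:01:10 +0000] "GET /forum/install.php?step=2&db_type=%252e%252e%252fx HTTP/1.1" 200 512
203.0.113.4 - - [12/Mar/2019:10:01:12 +0000] "POST /forum/install.php?step=2 HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PARAM = "db_type"  # assumed query-string spelling of the "db type" parameter


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return (client, verdict) for requests to install.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/install.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM and re.search(r"\.\.|[/\\\x00]", fully_decode(value)):
            return client, "traversal"
    # POST bodies are not in access logs, so any non-404 hit deserves review.
    return client, "probe-404" if status == "404" else "installer-reachable"


def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

An `installer-reachable` verdict means install.php still answers on that host and should be removed or blocked, whether or not a traversal attempt was logged.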