Simple Machines · Simple Machines Forum · CVE-2008-6659
**Name of the Vulnerable Software and Affected Versions**
Simple Machines Forum (SMF) versions 1.0 through 1.0.14
Simple Machines Forum (SMF) versions 1.1 through 1.1.6
**Description**
The issue allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the `theme_dir` field during a `jsoption` action. This is related to `Sources/QueryString.php` and `Sources/Themes.php`. For example, a local `.gif` file in `attachments/` with PHP code that was uploaded through a `profile2` action to `index.php` can be executed.
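The two conditions described above can be checked defensively. The following is an added example, not SMF code: it tests whether a directory value stays inside an allowed root, and audits an upload directory for image-named files that contain a PHP open tag. The function names, the `Themes`/`attachments` layout and the sample files are constructed for illustration, and the audit assumes uploads keep an image extension on disk.

```python
import os
import tempfile

IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png"}

def is_contained(value, allowed_root):
    """Return True only if value resolves to a path inside allowed_root."""
    root = os.path.realpath(allowed_root)
    # join() resolves relative values against the root and lets absolute values
    # replace it; realpath() then collapses ../ sequences and symlinks.
    candidate = os.path.realpath(os.path.join(root, value))
    return candidate != root and os.path.commonpath([root, candidate]) == root

def find_php_in_images(upload_dir):
    """List image-named files under upload_dir whose bytes contain a PHP open tag."""
    hits = []
    for dirpath, _dirs, files in os.walk(upload_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if b"<?php" in fh.read().lower():
                    hits.append(path)
    return sorted(hits)

def build_sample(base):
    """Constructed layout: Themes/default plus two files in attachments/."""
    themes = os.path.join(base, "Themes")
    attach = os.path.join(base, "attachments")
    os.makedirs(os.path.join(themes, "default"))
    os.makedirs(attach)
    with open(os.path.join(attach, "clean.gif"), "wb") as fh:
        fh.write(b"GIF89a" + b"\x00" * 16)
    with open(os.path.join(attach, "avatar.gif"), "wb") as fh:
        fh.write(b"GIF89a<?php /* constructed marker, no payload */ ?>")
    return themes, attach

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        themes, attach = build_sample(base)
        for value in ("default", "../attachments", "default/../../attachments"):
            print(f"{value!r}: contained={is_contained(value, themes)}")
        hits = find_php_in_images(attach)
        print("suspicious uploads:", [os.path.basename(p) for p in hits])
```

A hit from the audit is a reason to inspect the file, not proof of compromise; the fix for the vulnerability itself remains the version update listed under Recommendations.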
**Recommendations**
For Simple Machines Forum (SMF) versions 1.0 through 1.0.14, update to version 1.0.15 or later.
For Simple Machines Forum (SMF) versions 1.1 through 1.1.6, update to version 1.1.7 or later.