CVE-2005-4159

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) versions 1.1 rc1 and earlier

Description A SQL injection issue in Memberlist.php allows remote attackers to potentially execute arbitrary SQL commands via the start parameter. However, the vendor and third parties dispute this, stating that since only one character can be modified, it does not constitute a SQL injection vulnerability, but rather an "invalid SQL syntax error."

Recommendations For Simple Machines Forum (SMF) versions 1.1 rc1 and earlier, as a temporary workaround, consider restricting access to the start parameter in the Memberlist.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.