CVE-2006-4467

Name of the Vulnerable Software and Affected Versions Simple Machines Forum versions 1.0.x through 1.0.7 Simple Machines Forum versions 1.1RCx through 1.1RC2

Description The issue allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. This is due to the software not properly unsetting variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value.

Recommendations For Simple Machines Forum versions 1.0.x through 1.0.7, update to version 1.0.8. For Simple Machines Forum versions 1.1RCx through 1.1RC2, update to version 1.1RC3.