PT-2007-1292 · Simple Machines · Simple Machines Forum

Jessica Hope · Published 2007-02-15 · Updated 2024-08-07 · CVE-2006-7013

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple Machines Forum (SMF) versions 1.0.7 and earlier
Simple Machines Forum (SMF) version 1.1rc2 and earlier

Description

The issue allows remote attackers to more easily spoof their IP address and evade banning via a modified X-Forwarded-For HTTP header. The affected versions prefer this header over other, more reliable sources for the IP address.

Recommendations

For Simple Machines Forum (SMF) versions 1.0.7 and earlier, and for version 1.1rc2 and earlier, consider updating to a newer version to mitigate the risk, although the exact fix version is not specified. As a temporary workaround, consider restricting the use of the X-Forwarded-For HTTP header to minimize the risk of IP address spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
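
One way to restrict the header, shown as an added example that is not SMF code and not part of the original advisory: the header is honoured only when the TCP peer is a proxy the site operates, and a simplified model of the flawed preference is included for contrast. The proxy range, ban list, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation/private ranges), not from the advisory.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed site-run proxies
BANNED = [ipaddress.ip_network("203.0.113.0/24")]        # assumed ban list


def _within(addr, networks):
    return any(addr in net for net in networks)


def naive_ip(remote_addr, xff=None):
    """Flawed model: prefer the client-supplied header over the socket peer."""
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(remote_addr)


def client_ip(remote_addr, xff=None, trusted=TRUSTED_PROXIES):
    """Use the header only when the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(remote_addr)
    if not xff or not _within(peer, trusted):
        return peer  # header from an untrusted peer is ignored
    current = peer
    # Each proxy appends the peer it saw, so walk right to left.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified hop
        current = addr
        if not _within(addr, trusted):
            break  # first hop not vouched for by our own proxies
    return current


def is_banned(resolver, remote_addr, xff=None):
    return _within(resolver(remote_addr, xff), BANNED)
```

With the constructed values above, a direct connection from a banned address that sends its own header passes the ban check under `naive_ip` and is caught under `client_ip`.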

Related Identifiers

CVE-2006-7013

Affected Products

Simple Machines Forum