PT-2007-5162 · Simple Machines · Simple Machines Forum

Published: 2007-07-21 · Updated: 2024-08-07 · CVE-2007-3942

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Simple Machines Forum (SMF) version 1.1.3
Description: A directory traversal issue in index.php allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. However, this issue is disputed by multiple third parties, who note that both sourcedir and actionArray are defined before use.
Recommendations: For Simple Machines Forum (SMF) version 1.1.3, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the sourcedir parameter and the actionArray hash in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-3942

Affected Products

Simple Machines Forum