PT-2011-2895 · Simple Machines · Simple Machines Forum

Steven M. Christey

Published

2011-06-21

Updated

2011-06-28

CVE-2011-1131

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) versions prior to 1.1.13 Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5

Description The issue arises from the PlushSearch2 function in Search.php, which incorrectly utilizes cached data when a temporary table has been created. This might allow remote attackers to obtain sensitive information via a search.

Recommendations For versions prior to 1.1.13, update to version 1.1.13 or later. For versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-1131

Affected Products

Simple Machines Forum

PT-2011-2895 · Simple Machines · Simple Machines Forum

CVE-2011-1131

Weakness Enumeration

Related Identifiers

Affected Products

References · 6