PT-2019-7015 · Simple Machines · Simple Machines Forum

Haunt It · Published 2019-03-07 · Updated 2019-03-12 · CVE-2013-7466

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Simple Machines Forum (SMF) version 2.0.4

Description
The issue allows for local file inclusion, which can result in remote code execution. This is achieved through directory traversal in the db type parameter of the install.php file. The vulnerability is exploitable if the install.php file remains present after the installation process.

Recommendations
For version 2.0.4, remove or restrict access to the install.php file to prevent exploitation. As a temporary workaround, consider restricting the db type parameter in the install.php file until a patch is available.
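
One way to check a web root for the condition the recommendation targets, a leftover install.php. This is an added example, not part of the original advisory or of SMF. It assumes an SMF tree can be recognised by a Settings.php file sitting beside install.php; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root for leftover SMF installer scripts.
# Assumption: an SMF tree is recognised by Settings.php next to install.php.

# find_leftover_installers ROOT
# Prints one line per finding, "<status> <path>":
#   EXPOSED     install.php is present and readable by "other"
#   RESTRICTED  install.php is present but "other" has no read bit
find_leftover_installers() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f -name install.php 2>/dev/null | sort |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        # Skip install.php files that do not belong to an SMF tree.
        [ -f "$dir/Settings.php" ] || continue
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
            echo "EXPOSED $f"
        else
            echo "RESTRICTED $f"
        fi
    done
}

# count_exposed ROOT
# Prints the number of EXPOSED findings under ROOT (0 when none).
count_exposed() {
    find_leftover_installers "$1" | grep -c '^EXPOSED ' || true
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    find_leftover_installers "$1"
fi
```

A RESTRICTED result only reflects file mode bits; whether the web server can still serve the file depends on the account it runs as, so removing install.php remains the safer outcome.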

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2013-7466

Affected Products

Simple Machines Forum