Simple Machines Forum Memberlist.php SQL Injection Vulnerability

DomDom Skye · December 12, 2005, 02:37:53 AM

Hello

I discover this:

QuoteSimple Machines Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. A successful attack can allow an attacker to bypass administrator login and gain administrative access to a site.

Simple Machines Forum 1.1 rc1 is vulnerable. Other versions may also be affected.

http://www.securityfocus.com/bid/15791/exploit

Any patch?

Regards, Dom

kuklovod · December 12, 2005, 03:34:10 AM

not a bug.
http://www.simplemachines.org/community/index.php?topic=60037.0

DomDom Skye · December 12, 2005, 03:48:03 AM

Yesssss thx!

Dom

News:

Simple Machines Forum Memberlist.php SQL Injection Vulnerability

DomDom Skye

kuklovod

DomDom Skye