Main Vulnerability Database Vulnerabilities #VU44938

Permissions, Privileges, and Access Controls in SMF - CVE-2011-1127

Published: June 21, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44938

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-1127

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Simple Machines

Affected software:
SMF

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.

How to mitigate CVE-2011-1127

Install update from vendor's website.

Sources

http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
http://www.openwall.com/lists/oss-security/2011/02/22/17
http://www.openwall.com/lists/oss-security/2011/03/02/4
http://www.simplemachines.org/community/index.php?topic=421547.0

Permissions, Privileges, and Access Controls in SMF - CVE-2011-1127

Detailed vulnerability description

How to mitigate CVE-2011-1127

Sources

Please verify you're human