Vendor: SMF
By: Michael Brooks
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: SMF
Affected Version From: SMF 1.1.3
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested: Linux
SMF 1.1.3 Extremely fast Blind SQL Injection Exploit!
This exploit takes advantage of two SQL injection flaws in SMF 1.1.3. It works whether magic_quotes_gpc is On or Off, and it bypasses SMF's SQL injection filter. The author has submitted a patch for these flaws.
Mitigation:
Apply the patch provided by the author.