SMF HTML-injection and PHP Code-Injection Vulnerabilities

vendor:

Simple Machines Forum

by:

HauntIT

7,5

CVSS

HIGH

HTML-injection and PHP Code-Injection

78, 89

CWE

Product Name: Simple Machines Forum

Affected Version From: SMF 2.0.4

Affected Version To: SMF 2.0.4

Patch Exists: YES

Related CWE: N/A

CPE: a:simplemachines:simple_machines_forum

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

SMF HTML-injection and PHP Code-Injection Vulnerabilities

SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and inject hostile HTML and script code into vulnerable sections of the application.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in the application.

Source

SMF HTML-injection and PHP Code-Injection Vulnerabilities

Mitigation:

Exploit-DB raw data: