SMF Index.PHP SQL Injection Vulnerability

Bugtraq ID:	26144
Class:	Input Validation Error
CVE:	CVE-2007-5646
Remote:	Yes
Local:	No
Published:	Oct 20 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Michael Brooks is credited with the discovery of this vulnerability.
Vulnerable:	SMF SMF 1.1.3 SMF SMF 1.0.11
Not Vulnerable:	SMF SMF 1.1.4 SMF SMF 1.0.12

SMF Index.PHP SQL Injection Vulnerability

SMF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects SMF 1.1.3; other versions may also be affected.

SMF Index.PHP SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/26144.pl

SMF Index.PHP SQL Injection Vulnerability

Solution:
The vendor has released SMF versions 1.1.4 and 1.0.11 to address this issue. Please see the references for more information.


SMF SMF 1.1.3

• SMF SMF 1.1.4 Large upgrade
  http://www.simplemachines.org/download/index.php?thanks;filename=smf_1 -1-4_upgrade.tar.bz2


• SMF SMF 1.1.4 Full install
  http://www.simplemachines.org/download/index.php?thanks;filename=smf_1 -1-4_install.tar.bz2

SMF Index.PHP SQL Injection Vulnerability

References:

• Simple Machines Forum 1.1.4 and 1.0.12 released (SMF)
  
• SMF Homepage (SMF )
  
• Simple Machines Forum multiple sql injection flaws with exploit code ([email protected])