ID de Prueba:	1.3.6.1.4.1.25623.1.0.902446
Categoría:	Web application abuses
Título:	Simple Machines Forum Multiple Vulnerabilities
Resumen:	Simple Machines Forum is prone to multiple vulnerabilities.
Descripción:	Summary: Simple Machines Forum is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in 'SSI.php', it does not properly restrict guest access. - An error in loadUserSettings function in 'Load.php', it does not properly handle invalid login attempts. - An error in EditNews function in 'ManageNews.php', which allow users to inject arbitrary web script or HTML via a save_items action. - An error in cleanRequest function in 'QueryString.php' and the constructPageIndex function 'in Subs.php'. - An error in PlushSearch2 function in 'Search.php', allow remote attackers to obtain sensitive information via a search. Vulnerability Impact: Successful exploitation will allow attackers to obtain access or cause a denial of service or to conduct SQL injection attacks, obtain sensitive information. Affected Software/OS: Simple Machines Forum (SMF) before 1.1.13 and 2.x before 2.0 RC5. Solution: Apply the patch or upgrade to version 1.1.13 or 2.0 RC5. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1127 http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 Common Vulnerability Exposure (CVE) ID: CVE-2011-1128 Common Vulnerability Exposure (CVE) ID: CVE-2011-1129 Common Vulnerability Exposure (CVE) ID: CVE-2011-1130 Common Vulnerability Exposure (CVE) ID: CVE-2011-1131
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.