CVE-2006-7013

EPSS 1.02%
Published 15.02.2007 02:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address.  NOTE: the original researcher claims that the vendor has disputed this issue

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Simple Machines ≫ Simple Machines Forum Version <= 1.0.7

Simple Machines ≫ Simple Machines Forum Version <= 1.1_rc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.765

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://securityreason.com/securityalert/2256

http://www.securityfocus.com/archive/1/435686/30/4740/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/27082

https://nvd.nist.gov/vuln/detail/CVE-2006-7013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-7013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-7013

EUVD