CVE-2006-7013

EPSS 1.02%
Veröffentlicht 15.02.2007 02:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address.  NOTE: the original researcher claims that the vendor has disputed this issue

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simple Machines ≫ Simple Machines Forum Version <= 1.0.7

Simple Machines ≫ Simple Machines Forum Version <= 1.1_rc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.02%	0.765

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://securityreason.com/securityalert/2256

http://www.securityfocus.com/archive/1/435686/30/4740/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/27082

https://nvd.nist.gov/vuln/detail/CVE-2006-7013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-7013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-7013

EUVD