6.8
CVE-2008-6657
- EPSS 1.14%
- Published 07.04.2009 19:30:00
- Last modified 16.06.2026 23:02:42
- Source cve@mitre.org
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
Data provided by the National Vulnerability Database (NVD)
Simple Machines ≫ Simple Machines Forum Version 1.0.5
Simple Machines ≫ Simple Machines Forum Version 1.0.6
Simple Machines ≫ Simple Machines Forum Version 1.0.7
Simple Machines ≫ Simple Machines Forum Version 1.0.11
Simple Machines ≫ Simple Machines Forum Version 1.0.12
Simple Machines ≫ Simple Machines Forum Version 1.1.1
Simple Machines ≫ Simple Machines Forum Version 1.1.2
Simple Machines ≫ Simple Machines Forum Version 1.1.3
Simple Machines ≫ Simple Machines Forum Version 1.1.4
Simple Machines ≫ Simple Machines Forum Version 1.1.5
Simple Machines ≫ Simple Machines Forum Version 1.1.6
Simple Machines ≫ Simple Machines Forum Version 1.1_rc1
Simple Machines ≫ Simple Machines Forum Version 1.1_rc2
Simple Machines ≫ Simple Machines Forum Version 1.1_rc3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.625 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://osvdb.org/50071
http://secunia.com/advisories/32516
http://www.securityfocus.com/bid/32119
http://www.simplemachines.org/community/index.php?topic=272861.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
https://www.exploit-db.com/exploits/6993