CVE-2011-1130

EPSS 0.52%
Veröffentlicht 21.06.2011 02:52:42
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simplemachines ≫ Smf Version <= 1.1.12

Simplemachines ≫ Smf Version1.0

Simplemachines ≫ Smf Version1.0 Updatebeta4

Simplemachines ≫ Smf Version1.0 Updatebeta4.1

Simplemachines ≫ Smf Version1.0 Updatebeta5

Simplemachines ≫ Smf Version1.0 Updatebeta6

Simplemachines ≫ Smf Version1.0 Updaterc1

Simplemachines ≫ Smf Version1.0 Updaterc2

Simplemachines ≫ Smf Version1.0.1

Simplemachines ≫ Smf Version1.0.2

Simplemachines ≫ Smf Version1.0.3

Simplemachines ≫ Smf Version1.0.4

Simplemachines ≫ Smf Version1.0.5

Simplemachines ≫ Smf Version1.0.6

Simplemachines ≫ Smf Version1.0.7

Simplemachines ≫ Smf Version1.0.8

Simplemachines ≫ Smf Version1.0.9

Simplemachines ≫ Smf Version1.0.10

Simplemachines ≫ Smf Version1.0.12

Simplemachines ≫ Smf Version1.0.13

Simplemachines ≫ Smf Version1.0.14

Simplemachines ≫ Smf Version1.0.15

Simplemachines ≫ Smf Version1.0.16

Simplemachines ≫ Smf Version1.0.17

Simplemachines ≫ Smf Version1.0.18

Simplemachines ≫ Smf Version1.0.19

Simplemachines ≫ Smf Version1.0.20

Simplemachines ≫ Smf Version1.0.21

Simplemachines ≫ Smf Version1.1

Simplemachines ≫ Smf Version1.1 Updatebeta1

Simplemachines ≫ Smf Version1.1 Updatebeta2

Simplemachines ≫ Smf Version1.1 Updatebeta3

Simplemachines ≫ Smf Version1.1 Updatebeta4

Simplemachines ≫ Smf Version1.1 Updaterc1

Simplemachines ≫ Smf Version1.1 Updaterc2

Simplemachines ≫ Smf Version1.1 Updaterc3

Simplemachines ≫ Smf Version1.1.1

Simplemachines ≫ Smf Version1.1.2

Simplemachines ≫ Smf Version1.1.3

Simplemachines ≫ Smf Version1.1.4

Simplemachines ≫ Smf Version1.1.5

Simplemachines ≫ Smf Version1.1.6

Simplemachines ≫ Smf Version1.1.7

Simplemachines ≫ Smf Version1.1.8

Simplemachines ≫ Smf Version1.1.9

Simplemachines ≫ Smf Version1.1.10

Simplemachines ≫ Smf Version1.1.11

Simplemachines ≫ Smf Version2.0 Updatebeta1

Simplemachines ≫ Smf Version2.0 Updatebeta2

Simplemachines ≫ Smf Version2.0 Updatebeta2.1

Simplemachines ≫ Smf Version2.0 Updatebeta3

Simplemachines ≫ Smf Version2.0 Updatebeta3.1

Simplemachines ≫ Smf Version2.0 Updatebeta4

Simplemachines ≫ Smf Version2.0 Updaterc1

Simplemachines ≫ Smf Version2.0 Updaterc2

Simplemachines ≫ Smf Version2.0 Updaterc3

Simplemachines ≫ Smf Version2.0 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

Patch

http://www.openwall.com/lists/oss-security/2011/02/22/17

Patch

http://www.openwall.com/lists/oss-security/2011/03/02/4

Patch

http://www.simplemachines.org/community/index.php?topic=421547.0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-1130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1130

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-1130