CVE-2008-6657

Simple Machines Forum - CSRF

Description

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Charles Fol · php · webapps · php
https://www.exploit-db.com/exploits/6993

Scores

EPSS 0.0215
EPSS Percentile 84.3%

Details

CWE
CWE-352
Status published
Products (14)
simple_machines/simple_machines_forum 1.0.5
simple_machines/simple_machines_forum 1.0.6
simple_machines/simple_machines_forum 1.0.7
simple_machines/simple_machines_forum 1.0.11
simple_machines/simple_machines_forum 1.0.12
simple_machines/simple_machines_forum 1.1.1
simple_machines/simple_machines_forum 1.1.2
simple_machines/simple_machines_forum 1.1.3
simple_machines/simple_machines_forum 1.1.4
simple_machines/simple_machines_forum 1.1.5
... and 4 more
Published Apr 07, 2009
Tracked Since Feb 18, 2026