CVE-2008-6657

Simple Machines Forum 1.0-1.0.15 and 1.1-1.1.7 - Cross-Site Request Forgery via Package Installation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6657. PoCs published by Charles Fol.

AI-analyzed exploit summary: This exploit leverages a combination of vulnerabilities in SMF 1.1.6, including CSRF and improper file handling, to achieve remote code execution by tricking an admin into installing a malicious package via an image tag in a forum post.

Description

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Charles Fol · php · webapps · php
https://www.exploit-db.com/exploits/6993


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Simple Machines Forum (SMF) 1.1.6
Auth required
Prerequisites: Valid user credentials · Admin interaction to view the post
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32119
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32516
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6993
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50071

Scores

EPSS 0.0114
EPSS Percentile 62.5%

Details

CWE: CWE-352
Status: published
Products (14)
simple_machines/simple_machines_forum 1.0.5
simple_machines/simple_machines_forum 1.0.6
simple_machines/simple_machines_forum 1.0.7
simple_machines/simple_machines_forum 1.0.11
simple_machines/simple_machines_forum 1.0.12
simple_machines/simple_machines_forum 1.1.1
simple_machines/simple_machines_forum 1.1.2
simple_machines/simple_machines_forum 1.1.3
simple_machines/simple_machines_forum 1.1.4
simple_machines/simple_machines_forum 1.1.5
... and 4 more
Published Apr 07, 2009
Tracked Since Feb 18, 2026