CVE-2008-6659

Simple Machines Forum 1.0-1.0.14 and 1.1-1.1.6 - Authenticated Path Traversal via Theme Directory Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6659. PoCs published by ~elmysterio.

AI-analyzed exploit summary: This exploit targets a local file inclusion vulnerability in Simple Machines Forum (SMF) <= 1.1.6 when magic_quotes is disabled. It uploads a malicious GIF file containing PHP shellcode to achieve remote code execution.

Description

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ~elmysterio · perl · webapps · php
https://www.exploit-db.com/exploits/7011

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Simple Machines Forum <= 1.1.6
Auth required
Prerequisites: Target running SMF <= 1.1.6 · magic_quotes disabled · Valid user credentials
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32139
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32516
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50072
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7011

Scores

EPSS 0.0330
EPSS Percentile 86.9%

Details

CWE: CWE-22
Status: published
Products (14)
simple_machines/simple_machines_forum 1.0.5
simple_machines/simple_machines_forum 1.0.6
simple_machines/simple_machines_forum 1.0.7
simple_machines/simple_machines_forum 1.0.11
simple_machines/simple_machines_forum 1.0.12
simple_machines/simple_machines_forum 1.1.1
simple_machines/simple_machines_forum 1.1.2
simple_machines/simple_machines_forum 1.1.3
simple_machines/simple_machines_forum 1.1.4
simple_machines/simple_machines_forum 1.1.5
... and 4 more
Published Apr 07, 2009
Tracked Since Feb 18, 2026