Description
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46386
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/10/10/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/10/09/3
Vendor Advisory x_refsource_confirm
http://www.simplemachines.org/community/index.php?topic=452888.0
Scores
EPSS
0.0059
EPSS Percentile
44.1%
Details
CWE
CWE-352
Status
published
Products (1)
simplemachines/smf
2.0 (13 CPE variants)
Published
Oct 24, 2011
Tracked Since
Feb 18, 2026