Test ID:	1.3.6.1.4.1.25623.1.0.800558
Category:	Web application abuses
Title:	Simple Machines Forum Multiple Vulnerabilities
Summary:	Simple Machines Forum is prone to multiple vulnerabilities.
Description:	Summary: Simple Machines Forum is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - Lack of access control and validation check while performing certain HTTP requests which lets the attacker perform certain administrative commands. - Lack of validation check for the 'theme_dir' settings before being used which causes arbitrary code execution from local resources. - Crafted avatars are being allowed for code execution. Vulnerability Impact: Successful exploitation will let the attacker execute malicious arbitrary codes in the context of the SMF web application to gain administrative privileges, install malicious components into the forum context or can cause directory traversal attacks also. Affected Software/OS: Simple Machines Forum version 1.0 to 1.0.14. Simple Machines Forum version 1.1 to 1.1.6. Solution: Update your Simple Machines Forum version to 1.1.7 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6657 BugTraq ID: 32119 http://www.securityfocus.com/bid/32119 https://www.exploit-db.com/exploits/6993 http://osvdb.org/50071 http://secunia.com/advisories/32516 XForce ISS Database: smf-unspecified-csrf(46343) https://exchange.xforce.ibmcloud.com/vulnerabilities/46343 Common Vulnerability Exposure (CVE) ID: CVE-2008-6658 http://osvdb.org/50070 Common Vulnerability Exposure (CVE) ID: CVE-2008-6659 BugTraq ID: 32139 http://www.securityfocus.com/bid/32139 https://www.exploit-db.com/exploits/7011 http://osvdb.org/50072
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.