Test ID:	1.3.6.1.4.1.25623.1.0.902446
Category:	Web application abuses
Title:	Simple Machines Forum Multiple Vulnerabilities
Summary:	Simple Machines Forum is prone to multiple vulnerabilities.
Description:	Summary: Simple Machines Forum is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in 'SSI.php', it does not properly restrict guest access. - An error in loadUserSettings function in 'Load.php', it does not properly handle invalid login attempts. - An error in EditNews function in 'ManageNews.php', which allow users to inject arbitrary web script or HTML via a save_items action. - An error in cleanRequest function in 'QueryString.php' and the constructPageIndex function 'in Subs.php'. - An error in PlushSearch2 function in 'Search.php', allow remote attackers to obtain sensitive information via a search. Vulnerability Impact: Successful exploitation will allow attackers to obtain access or cause a denial of service or to conduct SQL injection attacks, obtain sensitive information. Affected Software/OS: Simple Machines Forum (SMF) before 1.1.13 and 2.x before 2.0 RC5. Solution: Apply the patch or upgrade to version 1.1.13 or 2.0 RC5. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1127 http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 Common Vulnerability Exposure (CVE) ID: CVE-2011-1128 Common Vulnerability Exposure (CVE) ID: CVE-2011-1129 Common Vulnerability Exposure (CVE) ID: CVE-2011-1130 Common Vulnerability Exposure (CVE) ID: CVE-2011-1131
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.