CVE-2008-6657

EUVD-2008-6619
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
simple_machinessimple_machines_forum
1.0.5
simple_machinessimple_machines_forum
1.0.6
simple_machinessimple_machines_forum
1.0.7
simple_machinessimple_machines_forum
1.0.11
simple_machinessimple_machines_forum
1.0.12
simple_machinessimple_machines_forum
1.1.1
simple_machinessimple_machines_forum
1.1.2
simple_machinessimple_machines_forum
1.1.3
simple_machinessimple_machines_forum
1.1.4
simple_machinessimple_machines_forum
1.1.5
simple_machinessimple_machines_forum
1.1.6
simple_machinessimple_machines_forum
1.1_rc1:_rc1
simple_machinessimple_machines_forum
1.1_rc2:_rc2
simple_machinessimple_machines_forum
1.1_rc3:_rc3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/50071
http://secunia.com/advisories/32516
http://www.securityfocus.com/bid/32119
http://www.simplemachines.org/community/index.php?topic=272861.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
https://www.exploit-db.com/exploits/6993
http://osvdb.org/50071
http://secunia.com/advisories/32516
http://www.securityfocus.com/bid/32119
http://www.simplemachines.org/community/index.php?topic=272861.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
https://www.exploit-db.com/exploits/6993