CVE-2011-4173

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615.  NOTE: some of these details are obtained from third party information.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
simplemachinessmf
2.0
simplemachinessmf
2.0:beta1
simplemachinessmf
2.0:beta2
simplemachinessmf
2.0:beta2.1
simplemachinessmf
2.0:beta3
simplemachinessmf
2.0:beta3.1
simplemachinessmf
2.0:beta4
simplemachinessmf
2.0:rc1
simplemachinessmf
2.0:rc1.2
simplemachinessmf
2.0:rc2
simplemachinessmf
2.0:rc3
simplemachinessmf
2.0:rc4
simplemachinessmf
2.0:rc5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2011/10/09/3
http://openwall.com/lists/oss-security/2011/10/10/6
http://secunia.com/advisories/46386
http://www.simplemachines.org/community/index.php?topic=452888.0
http://openwall.com/lists/oss-security/2011/10/09/3
http://openwall.com/lists/oss-security/2011/10/10/6
http://secunia.com/advisories/46386
http://www.simplemachines.org/community/index.php?topic=452888.0