oss-sec mailing list archives

Re: CVE request: simple machines forum before 1.1.13


From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 2 Mar 2011 17:55:17 -0500 (EST)


On Wed, 23 Feb 2011, Josh Bressers wrote:

----- Original Message -----
http://www.simplemachines.org/community/index.php?P=2fd5266e000b83407b05d142bd006d4a&topic=421547.0

No useful info on the kind of vulnerability, just states "Several
security-related fixes"


Steve,

Can MITRE take this one?

I almost gave this a single CVE for "multiple unspecified" but there's a readable patch file that gives more hints:
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip


Reversing the patches suggests the following (assuming that ONLY security patches are included in the ZIP, as stated in the initial post).


CVE-2011-1127 - guest access to SSI.php

CVE-2011-1128 - "brute force" on Load.php

CVE-2011-1129 - ManageNews.php, probably XSS

CVE-2011-1130 - improper input validation for a number in
  $_REQUEST['start'] in QueryString.php, and also $start variable in
  Subs.php

CVE-2011-1131 - unspecified query issues in Search.php, related to $createTemporary variable.


- Steve

