oss-sec mailing list archives
Re: CVE request: simple machines forum before 1.1.13
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 2 Mar 2011 17:55:17 -0500 (EST)
On Wed, 23 Feb 2011, Josh Bressers wrote:
----- Original Message -----http://www.simplemachines.org/community/index.php?P=2fd5266e000b83407b05d142bd006d4a&topic=421547.0 No useful info on the kind of vulnerability, just states "Several security-related fixes"Steve, Can MITRE take this one.
I almost gave this a single CVE for "multiple unspecified" but there's a readable patch file that gives more hints:
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zipReversing the patches suggests the following (assuming that ONLY security patches are included in the ZIP, as stated in the initial post).
CVE-2011-1127 - guest access to SSI.php CVE-2011-1128 - "brute force" on Load.php CVE-2011-1129 - ManageNews.php, probably XSS CVE-2011-1130 - improper input validation for a number in $_REQUEST['start'] in QueryString.php, and also $start variable in Subs.phpCVE-2011-1131 - unspecified query issues in Search.php, related to $createTemporary variable.
- Steve
Current thread:
- CVE request: simple machines forum before 1.1.13 Hanno Böck (Feb 22)
- Re: CVE request: simple machines forum before 1.1.13 Josh Bressers (Feb 23)
- Re: CVE request: simple machines forum before 1.1.13 Steven M. Christey (Mar 02)
- Re: CVE request: simple machines forum before 1.1.13 Josh Bressers (Feb 23)