CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6657

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.0%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2008-6657

Simple Machines » Simple Machines Forum » Version: 1.0.11

cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11
Simple Machines » Simple Machines Forum » Version: 1.0.12

cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12
Simple Machines » Simple Machines Forum » Version: 1.0.5

cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5
Simple Machines » Simple Machines Forum » Version: 1.0.6

cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6
Simple Machines » Simple Machines Forum » Version: 1.0.7

cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7
Simple Machines » Simple Machines Forum » Version: 1.1.1

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1
Simple Machines » Simple Machines Forum » Version: 1.1.2

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2
Simple Machines » Simple Machines Forum » Version: 1.1.3

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3
Simple Machines » Simple Machines Forum » Version: 1.1.4

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4
Simple Machines » Simple Machines Forum » Version: 1.1.5

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.5
Simple Machines » Simple Machines Forum » Version: 1.1.6

cpe:2.3:a:simple_machines:simple_machines_forum:1.1.6
Simple Machines » Simple Machines Forum » Version: 1.1_rc1

cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1
Simple Machines » Simple Machines Forum » Version: 1.1_rc2

cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2
Simple Machines » Simple Machines Forum » Version: 1.1_rc3

cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6657

Products

Pricing

Contact Us