Vulnerability Details CVE-2008-6741
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2008-6741
-
cpe:2.3:a:simple_machines:simple_machines_forum:*
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.0.11
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.0.12
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.1
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.1.1
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.1.2
-
cpe:2.3:a:simple_machines:simple_machines_forum:1.1.3