CVE-2011-1127

critical

Description

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.

References

http://www.simplemachines.org/community/index.php?topic=421547.0

http://www.openwall.com/lists/oss-security/2011/03/02/4

http://www.openwall.com/lists/oss-security/2011/02/22/17

http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

Details

Source: Mitre, NVD

Published: 2011-06-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H