Detections
Analytics
Simple Machines Forum Search.php SQL Injection
medium Nessus Plugin ID 27585
Language:
Synopsis
The remote web server contains a PHP script that is prone to SQL injection attacks.Description
The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP.The version of Simple Machines Forum installed on the remote host fails to sanitize user input to the 'userspec' parameter used in conjunction with the 'search2' action to the 'index.php' script before using it in a Sources/Search.php database query. Regardless of PHP's 'magic_quotes_gpc' setting, an attacker may be able to exploit this issue to manipulate such queries, leading to disclosure of sensitive information, modification of data, or attacks against the underlying database.
Note that an unauthenticated attacker can exploit this issue only if SMF is configured to use MySQL 5.x, but an authenticated attacker can do so regardless of the database version in use.
Solution
Upgrade to Simple Machines Forum 1.1.4 / 1.0.12 or later.See Also
https://www.securityfocus.com/archive/1/482569/30/0/threaded
http://www.simplemachines.org/community/index.php?topic=196380.0
Plugin Details
Severity: Medium
ID: 27585
File Name: smf_userspec_sql_injection.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 10/28/2007
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:simple_machines:simple_machines_forum
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 10/20/2007
Reference Information
CVE: CVE-2007-5646
BID: 26144
CWE: 89