CVE-2008-6741
CVE-2008-6741 is a vulnerability of currently unknown severity. SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php. EPSS estimates a 0.97% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Simple Machines | Simple Machines Forum | <= 1.1.4 | — |
| Simple Machines | Simple Machines Forum | 1.0.5 | — |
| Simple Machines | Simple Machines Forum | 1.0.6 | — |
| Simple Machines | Simple Machines Forum | 1.0.7 | — |
| Simple Machines | Simple Machines Forum | 1.0.11 | — |
| Simple Machines | Simple Machines Forum | 1.0.12 | — |
| Simple Machines | Simple Machines Forum | 1.1 | Rc1 |
| Simple Machines | Simple Machines Forum | 1.1.1 | — |
| Simple Machines | Simple Machines Forum | 1.1.2 | — |
| Simple Machines | Simple Machines Forum | 1.1.3 | — |
Source: NVD / NIST
