CVE-2011-1130 in SMFinfo

Summary

Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/02/2011

Disclosure

06/20/2011

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20

CVSS

7.3

EPSS

0.00517

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1130
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1130
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1130/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!