Vulnerability Description
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplemachines | Simple Machines Forum | <= 1.1.9 |
Related Weaknesses (CWE)
References
- http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changel
- http://seclists.org/fulldisclosure/2013/Dec/83
- http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-s
- http://www.openwall.com/lists/oss-security/2013/12/30/1
- http://www.openwall.com/lists/oss-security/2013/12/30/3
- http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changel
- http://seclists.org/fulldisclosure/2013/Dec/83
- http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-s
- http://www.openwall.com/lists/oss-security/2013/12/30/1
- http://www.openwall.com/lists/oss-security/2013/12/30/3
FAQ
What is CVE-2013-7235?
CVE-2013-7235 is a vulnerability with a CVSS score of 7.5 (HIGH). Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
How severe is CVE-2013-7235?
CVE-2013-7235 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7235?
Check the references section above for vendor advisories and patch information. Affected products include: Simplemachines Simple Machines Forum.