Back to search
CVE-2008-6544
Published: Mar 30, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities
mailing-list
x_refsource_FULLDISC
20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
mailing-list
x_refsource_FULLDISC
smf-subsgraphics-themes-file-include(41518)
vdb-entry
x_refsource_XF
28493
vdb-entry
x_refsource_BID
20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
mailing-list
x_refsource_FULLDISC
51301
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now