Simple Machines Forum msg Parameter SQL Injection Vulnerability

high Nessus Plugin ID 18553

Synopsis

The remote web server contains a PHP script that is prone to a SQL injection attack.

Description

The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP.

The installed version of SMF on the remote host fails to properly sanitize input to the 'msg' parameter before using it in SQL queries.
By exploiting this flaw, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.

Solution

Upgrade to SMF version 1.0.5 or later.

See Also

http://www.nessus.org/u?876b7dde

http://www.simplemachines.org/community/index.php?topic=39395.0

Plugin Details

Severity: High

ID: 18553

File Name: smf_msg_sql_injection.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 6/23/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:simple_machines:smf

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 14043