Detections
Analytics
Simple Machines Forum < 1.0.5 SQL Injection
high Nessus Network Monitor Plugin ID 3028
Synopsis
The remote host is vulnerable to a SQL Injection attack.Description
The remote host is running the Simple Machines Forum (SMF), a web forum. This version of SMF is vulnerable to a remote SQL Injection flaw. The application fails to properly parse out SQL-reserved characters passed to the 'msg' parameter. This would allow a remote attacker to read or write data as well as potentially execute arbitrary code on the remote database.Solution
Upgrade to version 1.0.5 or higher.See Also
http://www.gulftech.org/?node=research&article_id=00089-07032005
http://www.simplemachines.org/community/index.php?topic=39395.0