Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Smf | Simplemachines | 2.0 (including) | 2.0 (including) |
Smf | Simplemachines | 2.0-beta1 (including) | 2.0-beta1 (including) |
Smf | Simplemachines | 2.0-beta2 (including) | 2.0-beta2 (including) |
Smf | Simplemachines | 2.0-beta2.1 (including) | 2.0-beta2.1 (including) |
Smf | Simplemachines | 2.0-beta3 (including) | 2.0-beta3 (including) |
Smf | Simplemachines | 2.0-beta3.1 (including) | 2.0-beta3.1 (including) |
Smf | Simplemachines | 2.0-beta4 (including) | 2.0-beta4 (including) |
Smf | Simplemachines | 2.0-rc1 (including) | 2.0-rc1 (including) |
Smf | Simplemachines | 2.0-rc1.2 (including) | 2.0-rc1.2 (including) |
Smf | Simplemachines | 2.0-rc2 (including) | 2.0-rc2 (including) |
Smf | Simplemachines | 2.0-rc3 (including) | 2.0-rc3 (including) |
Smf | Simplemachines | 2.0-rc4 (including) | 2.0-rc4 (including) |
Smf | Simplemachines | 2.0-rc5 (including) | 2.0-rc5 (including) |