CVE-2008-6544

Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request

Published: Mar 30, 2009
Updated: Nov 8, 2023
CVE: CVE-2008-6544
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
simple_machines / simple_machines_forum	1.1.4	1.1.4.x

http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html
http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html
http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html
http://osvdb.org/51301
http://www.securityfocus.com/bid/28493
https://exchange.xforce.ibmcloud.com/vulnerabilities/41518

Vulnerability Database

289,697

CVE-2008-6544