CVE-2008-6658
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
| Software | From | Fixed in |
|---|---|---|
| simple_machines / simple_machines_forum | 1.0.11 | 1.0.11.x |
| simple_machines / simple_machines_forum | 1.1.5 | 1.1.5.x |
| simple_machines / simple_machines_forum | 1.1.1 | 1.1.1.x |
| simple_machines / simple_machines_forum | 1.0.7 | 1.0.7.x |
| simple_machines / simple_machines_forum | 1.1.4 | 1.1.4.x |
| simple_machines / simple_machines_forum | 1.1_rc1 | 1.1_rc1.x |
| simple_machines / simple_machines_forum | 1.0.5 | 1.0.5.x |
| simple_machines / simple_machines_forum | 1.1.6 | 1.1.6.x |
| simple_machines / simple_machines_forum | 1.1_rc3 | 1.1_rc3.x |
| simple_machines / simple_machines_forum | 1.1_rc2 | 1.1_rc2.x |
| simple_machines / simple_machines_forum | 1.1.3 | 1.1.3.x |
| simple_machines / simple_machines_forum | 1.0.6 | 1.0.6.x |
| simple_machines / simple_machines_forum | 1.1.2 | 1.1.2.x |
| simple_machines / simple_machines_forum | 1.0.12 | 1.0.12.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime