CVE-2011-4173

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

Published: Oct 24, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4173
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
simplemachines / smf	2.0	2.0.x
simplemachines / smf	2.0-beta1	2.0-beta1.x
simplemachines / smf	2.0-beta3	2.0-beta3.x
simplemachines / smf	2.0-beta4	2.0-beta4.x
simplemachines / smf	2.0-beta2	2.0-beta2.x
simplemachines / smf	2.0-beta3.1	2.0-beta3.1.x
simplemachines / smf	2.0-beta2.1	2.0-beta2.1.x
simplemachines / smf	2.0-rc2	2.0-rc2.x
simplemachines / smf	2.0-rc3	2.0-rc3.x
simplemachines / smf	2.0-rc1	2.0-rc1.x
simplemachines / smf	2.0-rc5	2.0-rc5.x
simplemachines / smf	2.0-rc4	2.0-rc4.x
simplemachines / smf	2.0-rc1.2	2.0-rc1.2.x

Vulnerability Database

289,782

CVE-2011-4173