CVE-2008-6659: Path Traversal
First published: Tue Apr 07 2009(Updated: )
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple Machines Forum | =1.0.5 | |
| Simple Machines Forum | =1.0.6 | |
| Simple Machines Forum | =1.0.7 | |
| Simple Machines Forum | =1.0.11 | |
| Simple Machines Forum | =1.0.12 | |
| Simple Machines Forum | =1.1.1 | |
| Simple Machines Forum | =1.1.2 | |
| Simple Machines Forum | =1.1.3 | |
| Simple Machines Forum | =1.1.4 | |
| Simple Machines Forum | =1.1.5 | |
| Simple Machines Forum | =1.1.6 | |
| Simple Machines Forum | =1.1_rc1 | |
| Simple Machines Forum | =1.1_rc2 | |
| Simple Machines Forum | =1.1_rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-6659?
CVE-2008-6659 has a medium severity rating due to its potential for directory traversal attacks.
How do I fix CVE-2008-6659?
To fix CVE-2008-6659, upgrade Simple Machines Forum to versions 1.0.15 or 1.1.7 or later.
What are the affected versions for CVE-2008-6659?
CVE-2008-6659 affects Simple Machines Forum versions 1.0.5 through 1.0.12 and 1.1.1 through 1.1.rc3.
Can CVE-2008-6659 be exploited by unauthenticated users?
No, CVE-2008-6659 requires remote authenticated users to exploit the vulnerability.
What type of vulnerability is CVE-2008-6659?
CVE-2008-6659 is classified as a directory traversal vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/simple machines
- canonical/simple machines forum
- version/simple machines forum/1.0.5
- version/simple machines forum/1.0.6
- version/simple machines forum/1.0.7
- version/simple machines forum/1.0.11
- version/simple machines forum/1.0.12
- version/simple machines forum/1.1.1
- version/simple machines forum/1.1.2
- version/simple machines forum/1.1.3
- version/simple machines forum/1.1.4
- version/simple machines forum/1.1.5
- version/simple machines forum/1.1.6
- version/simple machines forum/1.1_rc1
- version/simple machines forum/1.1_rc2
- version/simple machines forum/1.1_rc3