CVE-2009-5068
First published: Wed Jan 15 2020(Updated: )
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simplemachines Simple Machines Forum | <=2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2009-5068.
What is the severity of CVE-2009-5068?
The severity of CVE-2009-5068 is high, with a severity value of 7.2.
What software is affected by CVE-2009-5068?
SMF (Simple Machines Forum) versions up to v2.0.3 are affected by CVE-2009-5068.
What is the impact of CVE-2009-5068?
CVE-2009-5068 allows unauthorized users to read arbitrary files on the filesystem, posing a risk to sensitive information.
Is there a fix for CVE-2009-5068?
Yes, upgrading to a version later than v2.0.3 of SMF (Simple Machines Forum) will fix CVE-2009-5068.
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/simplemachines
- canonical/simplemachines simple machines forum
- version/simplemachines simple machines forum/2.0.3