CVE-2013-7466: Path Traversal
First published: Thu Mar 07 2019(Updated: )
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simplemachines Simple Machines Forum | =2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2013-7466.
What is the severity of CVE-2013-7466?
The severity of CVE-2013-7466 is high.
How does CVE-2013-7466 affect Simple Machines Forum (SMF)?
CVE-2013-7466 affects Simple Machines Forum (SMF) version 2.0.4.
How can the local file inclusion vulnerability in Simple Machines Forum (SMF) version 2.0.4 be exploited?
The local file inclusion vulnerability in Simple Machines Forum (SMF) version 2.0.4 can be exploited through the install.php script using directory traversal.
Is there a fix available for CVE-2013-7466?
Yes, the fix for CVE-2013-7466 is to remove or secure the install.php script after installation.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/simplemachines
- canonical/simplemachines simple machines forum
- version/simplemachines simple machines forum/2.0.4