CVE-2006-7013

Опубликовано: 15 фев. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 1.0.7 (включая)

cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 1.1_rc2 (включая)

EPSS

Процентиль: 77%

0.01019

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-45v7-gg96-grpr

github

почти 4 года назад

** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.