Vulnerability Details : CVE-2005-4159
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor
Vulnerability category: Sql Injection
Products affected by CVE-2005-4159
- cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4159
0.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4159
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-4159
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/23546
Simple Machines Forum (SMF) Memberlist.php SQL injection CVE-2005-4159 Vulnerability Report
-
http://www.securityfocus.com/bid/15791
-
http://www.securityfocus.com/archive/1/419250/100/0/threaded
-
http://www.securityfocus.com/archive/1/419535/100/0/threaded
-
http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html
-
http://www.securityfocus.com/archive/1/419068/100/0/threaded
-
http://www.securityfocus.com/archive/1/419105/100/0/threaded
Jump to