QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-15T02:00:00

Updated: 2024-08-07T20:50:05.630Z

Reserved: 2007-02-14T00:00:00

Link: CVE-2006-7013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-02-15T02:28:00.000

Modified: 2024-08-07T21:15:38.733

Link: CVE-2006-7013

cve-icon Redhat

No data.