There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
Advisories
Source ID Title
EUVD EUVD EUVD-2009-5023 There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T07:24:54.035Z

Reserved: 2011-04-05T00:00:00

Link: CVE-2009-5068

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-15T21:15:11.813

Modified: 2024-11-21T01:11:06.897

Link: CVE-2009-5068

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.