** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-02-15 02:28
Updated : 2024-08-07 21:15
NVD link : CVE-2006-7013
Mitre link : CVE-2006-7013
CVE.ORG link : CVE-2006-7013
JSON object : View
Products Affected
simple_machines
- simple_machines_forum
CWE