Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-06-21T01:00:00Z

Updated: 2024-09-16T17:15:00.759Z

Reserved: 2011-03-02T00:00:00Z

Link: CVE-2011-1130

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-06-21T02:52:42.420

Modified: 2024-11-21T01:25:37.050

Link: CVE-2011-1130

cve-icon Redhat

No data.