{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T13:47:56.036","vulnerabilities":[{"cve":{"id":"CVE-2006-4467","sourceIdentifier":"cve@mitre.org","published":"2006-08-31T20:04:00.000","lastModified":"2026-04-16T00:27:16.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts.  NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum."},{"lang":"es","value":"Simple Machines Forum (SMF) 1.1RCx anterior a 1.1RC3, y 1.0.x anterior a 1.0.8, no asigna correctamente variables cuando los datos de entrada incluyen un parámetro numérico con un valor que empareja el valor del hash de un parámetro alfanumérico, lo cual permite a un atacante remoto llevar a cabo ataques de directorio transversal para leer archivos locales de su elección, bloquear asuntos, y tener posiblemente otros impactos de seguridad. NOTA: podría ser discutido que esta vulnerabilidad es debida a un fallo en el comando unset de PHP (CVE-2006-3017) y la solución apropiada debe estar en el PHP; si es así entonces esto no se debe tratar como vulnerabilidad en Simple Machines Forum."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.7","matchCriteriaId":"254BAB86-EF6D-4EE1-830B-11CEB96583C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1_rc2","matchCriteriaId":"2661792B-CA6F-4A81-AEE2-FFA7B8E42FDB"}]}]}],"references":[{"url":"http://retrogod.altervista.org/smf_11rc2_local_incl.html","source":"cve@mitre.org"},{"url":"http://retrogod.altervista.org/smf_11rc2_lock.html","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/1475","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/444053/100/100/threaded","source":"cve@mitre.org"},{"url":"http://www.simplemachines.org/community/index.php?topic=107112.0","source":"cve@mitre.org"},{"url":"http://www.simplemachines.org/community/index.php?topic=107135.0","source":"cve@mitre.org"},{"url":"http://retrogod.altervista.org/smf_11rc2_local_incl.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://retrogod.altervista.org/smf_11rc2_lock.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securityreason.com/securityalert/1475","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/444053/100/100/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.simplemachines.org/community/index.php?topic=107112.0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.simplemachines.org/community/index.php?topic=107135.0","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}