Unrated severityNVD Advisory· Published Feb 15, 2007· Updated Jun 16, 2026
CVE-2006-7013
CVE-2006-7013
Description
QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue
Affected products
2cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*range: <=1.0.7
- (no CPE)range: <=1.0.7, <=1.1rc2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.