VYPR
Unrated severityNVD Advisory· Published Feb 15, 2007· Updated Jun 16, 2026

CVE-2006-7013

CVE-2006-7013

Description

QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue

Affected products

2
  • cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*range: <=1.0.7
    • (no CPE)range: <=1.0.7, <=1.1rc2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.