Unrated severityNVD Advisory· Published Mar 30, 2009· Updated Jun 16, 2026
CVE-2008-6544
CVE-2008-6544
Description
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:simple_machines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*
- (no CPE)range: 1.1.4
Patches
Vulnerability mechanics
References
6- archives.neohapsis.com/archives/bugtraq/2008-03/0425.htmlnvdExploit
- archives.neohapsis.com/archives/bugtraq/2008-03/0426.htmlnvdExploit
- archives.neohapsis.com/archives/bugtraq/2008-03/0431.htmlnvdExploit
- osvdb.org/51301nvd
- www.securityfocus.com/bid/28493nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/41518nvd
News mentions
0No linked articles in our index yet.