This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.
CVSS 3.x Severity and Metrics:
NVD score not yet provided.
CVSS 2.0 Severity and Metrics: