CVE-2008-6741 Information

Description

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5 which causes the addslashes PHP function to produce a \\ (backslash) sequence that does not quote the '\ (single quote) character as demonstrated via a manlabels action to index.php.

Reference

http://www.securityfocus.com/bid/29734 https://exchange.xforce.ibmcloud.com/vulnerabilities/43118 https://www.exploit-db.com/exploits/5826