Security vulnerabilities in online forum software are not a new phenomenon. Back in 2009, the popular open-source phpBB.com forum was hacked, and the vBulletin online forum software has been repeatedly targeted by attackers over the years.
An Avast spokesperson told eWEEK that the company’s forum was running the open-source Simple Machines Forum (SMF) version 2.0.6.
“The latest version is SMF 2.0.7 but according to the SMF change log (and the announcements on the SMF web site) there were no security-related updates included in this version,” Avast stated. “The vulnerability was not known to us. It is not clear whether the attack was conducted via a 0-day vulnerability or a hole that was silently fixed in v2.0.7 but never announced.”