Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple machines simple machines forum vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-26982
SimpleMachinesForum 2.1.1 and previous versions allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to ...
Simplemachines Simple Machines Forum
9.8
CVSSv3
CVE-2019-11574
An issue exists in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
Simplemachines Simple Machine Forum
6.1
CVSSv3
CVE-2013-4395
Simple Machines Forum (SMF) up to and including 2.0.5 has XSS
Simplemachines Simple Machines Forum
4.9
CVSSv3
CVE-2013-0192
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
Simplemachines Simple Machines Forum
1 EDB exploit
6.5
CVSSv3
CVE-2019-12490
An issue exists in Simple Machines Forum (SMF) prior to 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
Simplemachines Simple Machines Forum
7.2
CVSSv3
CVE-2009-5068
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arb...
Simplemachines Simple Machines Forum
1 EDB exploit
9.8
CVSSv3
CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and previous versions have an SQL injection vulnerability that allows remote malicious users to inject arbitrary SQL statements.
Simplemachines Simple Machine Forum
1 EDB exploit
8.8
CVSSv3
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Simplemachines Simple Machines Forum 2.0.4
6.1
CVSSv3
CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
Simplemachines Simple Machines Forum 2.0.4
8.1
CVSSv3
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Simplemachines Simple Machines Forum 2.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »