Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple machines simple machines forum vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-11574
An issue exists in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
Simplemachines Simple Machine Forum
9.8
CVSSv3
CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and previous versions have an SQL injection vulnerability that allows remote malicious users to inject arbitrary SQL statements.
Simplemachines Simple Machine Forum
1 EDB exploit
9.8
CVSSv3
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) prior to 2.0.15 does not properly use the possible_users variable in a query, which might allow malicious users to bypass intended access restrictions.
Simplemachines Simple Machines Forum
9.8
CVSSv3
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Simplemachines Simple Machines Forum 2.1
8.8
CVSSv3
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Simplemachines Simple Machines Forum 2.0.4
8.8
CVSSv3
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Simplemachines Simple Machines Forum 2.1
8.1
CVSSv3
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Simplemachines Simple Machines Forum 2.0.4
7.2
CVSSv3
CVE-2022-26982
SimpleMachinesForum 2.1.1 and previous versions allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to ...
Simplemachines Simple Machines Forum
7.2
CVSSv3
CVE-2009-5068
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arb...
Simplemachines Simple Machines Forum
1 EDB exploit
6.5
CVSSv3
CVE-2019-12490
An issue exists in Simple Machines Forum (SMF) prior to 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
Simplemachines Simple Machines Forum
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »