Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simplemachines simple machines forum vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Simplemachines Simple Machines Forum 2.0.4
605
VMScore
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Simplemachines Simple Machines Forum 2.0.4
383
VMScore
CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
Simplemachines Simple Machines Forum 2.0.4
668
VMScore
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Simplemachines Simple Machines Forum 2.1
605
VMScore
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Simplemachines Simple Machines Forum 2.1
755
VMScore
CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and previous versions have an SQL injection vulnerability that allows remote malicious users to inject arbitrary SQL statements.
Simplemachines Simple Machine Forum
1 EDB exploit
668
VMScore
CVE-2019-11574
An issue exists in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
Simplemachines Simple Machine Forum
755
VMScore
CVE-2008-6971
The password reset functionality in Simple Machines Forum (SMF) 1.0.x prior to 1.0.14, 1.1.x prior to 1.1.6, and 2.0 prior to 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remo...
Simplemachines Smf 1.0.13
Simplemachines Smf 1.1.4
Simplemachines Smf 2.0-beta2
Simplemachines Smf 2.0-beta3
Simplemachines Smf 1.1.5
Simplemachines Smf 2.0
Simplemachines Smf 1.0.12
1 EDB exploit
890
VMScore
CVE-2011-1127
SSI.php in Simple Machines Forum (SMF) prior to 1.1.13, and 2.x prior to 2.0 RC5, does not properly restrict guest access, which allows remote malicious users to have an unspecified impact via unknown vectors.
Simplemachines Smf 1.0.13
Simplemachines Smf 1.1.2
Simplemachines Smf 1.0.8
Simplemachines Smf 1.1
Simplemachines Smf 1.0
Simplemachines Smf 1.0.1
Simplemachines Smf
Simplemachines Smf 1.0.19
Simplemachines Smf 1.0.7
Simplemachines Smf 1.0.9
Simplemachines Smf 1.0.10
Simplemachines Smf 1.1.4
Simplemachines Smf 1.0.16
Simplemachines Smf 1.0.14
Simplemachines Smf 1.0.17
Simplemachines Smf 1.1.10
Simplemachines Smf 1.0.21
Simplemachines Smf 1.1.11
Simplemachines Smf 1.1.8
Simplemachines Smf 1.0.2
Simplemachines Smf 1.1.3
Simplemachines Smf 1.1.7
312
VMScore
CVE-2011-1129
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) prior to 1.1.13, and 2.x prior to 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
Simplemachines Smf 1.0.13
Simplemachines Smf 1.1.2
Simplemachines Smf 1.0.8
Simplemachines Smf 1.1
Simplemachines Smf 1.0
Simplemachines Smf 1.0.1
Simplemachines Smf
Simplemachines Smf 1.0.19
Simplemachines Smf 1.0.7
Simplemachines Smf 1.0.9
Simplemachines Smf 1.0.10
Simplemachines Smf 1.1.4
Simplemachines Smf 1.0.16
Simplemachines Smf 1.0.14
Simplemachines Smf 1.0.17
Simplemachines Smf 1.1.10
Simplemachines Smf 1.0.21
Simplemachines Smf 1.1.11
Simplemachines Smf 1.1.8
Simplemachines Smf 1.0.2
Simplemachines Smf 1.1.3
Simplemachines Smf 1.1.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »