Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple machines simple machines forum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote malicious users to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
Simple Machines Simple Machines Forum 1.0.6
NA
CVE-2008-6544
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter...
Simple Machines Simple Machines Forum 1.1.4
1 EDB exploit
NA
CVE-2007-3942
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote malicious users to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerabi...
Simple Machines Simple Machines Forum 1.1.3
NA
CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Simple Machines Simple Machines Forum 1.1 Rc3
1 EDB exploit
NA
CVE-2006-5503
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote malicious users to inject arbitrary web script or HTML via the action parameter.
Simple Machines Simple Machines Forum 1.1 Rc2
1 EDB exploit
6.5
CVSSv3
CVE-2019-12490
An issue exists in Simple Machines Forum (SMF) prior to 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
Simplemachines Simple Machines Forum
7.2
CVSSv3
CVE-2022-26982
SimpleMachinesForum 2.1.1 and previous versions allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to ...
Simplemachines Simple Machines Forum
4.9
CVSSv3
CVE-2013-0192
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
Simplemachines Simple Machines Forum
1 EDB exploit
9.8
CVSSv3
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) prior to 2.0.15 does not properly use the possible_users variable in a query, which might allow malicious users to bypass intended access restrictions.
Simplemachines Simple Machines Forum
7.2
CVSSv3
CVE-2009-5068
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arb...
Simplemachines Simple Machines Forum
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »