Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple machines simple machines forum vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2013-0192
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
Simplemachines Simple Machines Forum
1 EDB exploit
7.2
CVSSv3
CVE-2009-5068
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arb...
Simplemachines Simple Machines Forum
1 EDB exploit
NA
CVE-2006-6375
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and previous versions allows remote malicious users to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be inter...
Simple Machines Smf 1.1 Final
Simple Machines Smf 1.1 Rc3
Simple Machines Smf 1.0.9
Simple Machines Smf 1.0 Beta5p
9.8
CVSSv3
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Simplemachines Simple Machines Forum 2.1
8.8
CVSSv3
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Simplemachines Simple Machines Forum 2.1
6.1
CVSSv3
CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
Simplemachines Simple Machines Forum 2.0.4
8.8
CVSSv3
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Simplemachines Simple Machines Forum 2.0.4
8.1
CVSSv3
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Simplemachines Simple Machines Forum 2.0.4
NA
CVE-2008-0284
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
Simple Machines Simple Machines Smf
NA
CVE-2008-0775
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 up to and including 1.16b allows remote malicious users to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desi...
Simple Machines Smf Shoutbox 1.14
Simple Machines Smf Shoutbox 1.15
Simple Machines Smf Shoutbox 1.16b
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »