Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple machines simple machines forum vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) prior to 2.0.15 does not properly use the possible_users variable in a query, which might allow malicious users to bypass intended access restrictions.
Simplemachines Simple Machines Forum
578
VMScore
CVE-2022-26982
SimpleMachinesForum 2.1.1 and previous versions allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to ...
Simplemachines Simple Machines Forum
605
VMScore
CVE-2006-6375
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and previous versions allows remote malicious users to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be inter...
Simple Machines Smf 1.1 Final
Simple Machines Smf 1.1 Rc3
Simple Machines Smf 1.0.9
Simple Machines Smf 1.0 Beta5p
578
VMScore
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Simplemachines Simple Machines Forum 2.0.4
605
VMScore
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Simplemachines Simple Machines Forum 2.0.4
383
VMScore
CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
Simplemachines Simple Machines Forum 2.0.4
668
VMScore
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Simplemachines Simple Machines Forum 2.1
605
VMScore
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Simplemachines Simple Machines Forum 2.1
383
VMScore
CVE-2008-0284
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
Simple Machines Simple Machines Smf
383
VMScore
CVE-2008-0775
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 up to and including 1.16b allows remote malicious users to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desi...
Simple Machines Smf Shoutbox 1.14
Simple Machines Smf Shoutbox 1.15
Simple Machines Smf Shoutbox 1.16b
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »