The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) prior to 2.0.15 does not properly use the possible_users variable in a query, which might allow malicious users to bypass intended access restrictions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplemachines simple machines forum |