Vulnerabilites related to simplemachines - simple_machines_forum
Vulnerability from fkie_nvd
Published
2019-03-07 23:29
Modified
2024-11-21 02:01
Severity ?
Summary
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF), en su versi\u00f3n 2.0.4, permite Cross-Site Scripting (XSS) mediante el par\u00e1metro sa en index.php?action=pm;sa=settings;save."
}
],
"id": "CVE-2013-7467",
"lastModified": "2024-11-21T02:01:04.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-07T23:29:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-03 15:15
Modified
2024-09-11 14:39
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.273522 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.273522 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.380189 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF35AE54-3B18-4459-900E-95D9F3D7E9BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SimpleMachines SMF 2.1.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /index.php?action=profile;u=2;area=showalerts;do=remove del componente Delete User Handler es afectada por esta funci\u00f3n. La manipulaci\u00f3n de la ayuda argumental conduce a un control inadecuado de los identificadores de recursos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-273522 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-7437",
"lastModified": "2024-09-11T14:39:10.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-08-03T15:15:58.940",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.273522"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?id.273522"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.380189"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-99"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F627D530-8577-42A2-96C8-5DF20FD19241",
"versionEndIncluding": "1.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4B7C0924-F85C-40FD-BC9F-5EE53890A411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4.1:*:*:*:*:*:*",
"matchCriteriaId": "2114971F-15FC-440D-9D33-A7E6B7D3F59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5329B90A-7445-4FB4-858B-D635ABEA0EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4B0D55E2-0320-4215-9A5A-A0BFB610D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "94DE27DB-1B1E-4CF5-9FA1-DF032502B71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A5EB9970-8CBA-4720-93CF-84C488872070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "88E050C4-E6B4-4FDE-A83E-CC98B969D3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F924AC18-B3A4-4E8E-9993-301F53F6FE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "38E1CB35-4103-4404-8D50-A721FF99B1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "CF59A8D2-6321-4823-B94F-5B889566948C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B0DFADF1-3B8A-4670-B332-2FC4EF85D7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1EA2D287-8BE8-4428-B112-E1385DFFB783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C03C87DB-6604-444B-AFB5-D80CCA9ED105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F361B121-0997-49A1-A19A-D24993387131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "80A86957-5B72-4253-8B79-FC05CE564F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta2.1:*:*:*:*:*:*",
"matchCriteriaId": "31C69C1D-5EF5-4C6D-856A-05A5CC412E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C9DE5EB6-E432-408A-AB75-D8488B443B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta3.1:*:*:*:*:*:*",
"matchCriteriaId": "3DEEFF9F-CED8-494A-81FD-B1B8E70B2807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FE36B704-A3B2-4A22-BF88-10BFD2F57C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41B55F0F-EA85-4D0A-B1F3-3D154F9C661C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24674663-6C74-461B-89EA-73FC2CB69DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30151B7B-FE60-473B-881A-B401DEE7741F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "442CCC37-8DD0-4061-8B45-E8E5674CAFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "65EA52AB-234F-4485-B253-E0ABA40DFC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "717154E9-F66D-4AA0-8D3C-F44282BAA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AD2EC0-1514-446E-A945-BA6CDBB975A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF) anterior a 1.1.19 y 2.x anterior a 2.0.6 permite a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de una cabecera X-Frame-Options."
}
],
"id": "CVE-2013-7234",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-29T14:38:47.607",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "cve@mitre.org",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-07 23:29
Modified
2024-11-21 02:01
Severity ?
Summary
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF), en su versi\u00f3n 2.0.4, permite la inclusi\u00f3n local de archivos con una ejecuci\u00f3n remota de c\u00f3digo resultante en install.php mediante el salto de directorio ../ en el par\u00e1metro db_type si install.php est\u00e1 presente despu\u00e9s de la instalaci\u00f3n."
}
],
"id": "CVE-2013-7466",
"lastModified": "2024-11-21T02:01:04.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-07T23:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-24 02:29
Modified
2024-11-21 03:41
Severity ?
Summary
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.simplemachines.org/community/index.php?topic=557176.0 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.simplemachines.org/community/index.php?topic=557176.0 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97A9F727-FF42-4238-A5F3-1F964992BB33",
"versionEndExcluding": "2.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "La funci\u00f3n MessageSearch2 en PersonalMessage.php en Simple Machines Forum (SMF), en versiones anteriores a la 2.0.15, no emplea correctamente la variable possible_users en una consulta, lo que podr\u00eda permitir que los atacantes omitan las restricciones de acceso planeadas."
}
],
"id": "CVE-2018-10305",
"lastModified": "2024-11-21T03:41:11.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T02:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.simplemachines.org/community/index.php?topic=557176.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.simplemachines.org/community/index.php?topic=557176.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-15 21:15
Modified
2024-11-21 01:11
Severity ?
Summary
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/02/01/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/02/01/4 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EA48D5-FBF4-415F-85D8-10DA8D0D109F",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de divulgaci\u00f3n de archivos en SMF (Simple Machines Forum) afectando a las versiones hasta la versi\u00f3n v2.0.3. En algunas configuraciones un despliegue SMF es compartido por varios \"co-admins\" en los que no se conf\u00eda m\u00e1s all\u00e1 del despliegue SMF. Esta vulnerabilidad les permite leer archivos arbitrarios en el sistema de archivos y, por lo tanto, alcanzar nuevos privilegios para leer los archivos settings.php con las contrase\u00f1as de la base de datos."
}
],
"id": "CVE-2009-5068",
"lastModified": "2024-11-21T01:11:06.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-15T21:15:11.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F627D530-8577-42A2-96C8-5DF20FD19241",
"versionEndIncluding": "1.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4B7C0924-F85C-40FD-BC9F-5EE53890A411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4.1:*:*:*:*:*:*",
"matchCriteriaId": "2114971F-15FC-440D-9D33-A7E6B7D3F59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5329B90A-7445-4FB4-858B-D635ABEA0EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4B0D55E2-0320-4215-9A5A-A0BFB610D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "94DE27DB-1B1E-4CF5-9FA1-DF032502B71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A5EB9970-8CBA-4720-93CF-84C488872070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "88E050C4-E6B4-4FDE-A83E-CC98B969D3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F924AC18-B3A4-4E8E-9993-301F53F6FE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "38E1CB35-4103-4404-8D50-A721FF99B1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "CF59A8D2-6321-4823-B94F-5B889566948C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B0DFADF1-3B8A-4670-B332-2FC4EF85D7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1EA2D287-8BE8-4428-B112-E1385DFFB783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C03C87DB-6604-444B-AFB5-D80CCA9ED105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AD2EC0-1514-446E-A945-BA6CDBB975A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF) 2.0.6, 1.1.19, y anteriores permite a atacantes remotos suplantar usuarios arbitrarios a trav\u00e9s de un car\u00e1cter Unicode hom\u00f3grafos en un nombre de usuario."
}
],
"id": "CVE-2013-7236",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:47.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "cve@mitre.org",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-21 07:15
Modified
2025-04-21 13:15
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc3.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc4.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.300542 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.300542 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.511999 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF35AE54-3B18-4459-900E-95D9F3D7E9BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SimpleMachines SMF 2.1.4 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo ManageAttachments.php. La manipulaci\u00f3n del argumento \"Aviso\" provoca ataques de cross site scripting. El ataque podr\u00eda ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n."
}
],
"id": "CVE-2025-2582",
"lastModified": "2025-04-21T13:15:56.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-03-21T07:15:36.953",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc3.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc4.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.300542"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?id.300542"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.511999"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-03 16:15
Modified
2024-09-11 14:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.273523 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.273523 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.380190 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF35AE54-3B18-4459-900E-95D9F3D7E9BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SimpleMachines SMF 2.1.4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /index.php?action=profile;u=2;area=showalerts;do=read del componente User Alert Read Status Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la ayuda argumental conduce a un control inadecuado de los identificadores de recursos. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273523. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-7438",
"lastModified": "2024-09-11T14:39:12.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-08-03T16:15:49.270",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.273523"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?id.273523"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.380190"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-99"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-09 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/06/10/7 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/06/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/06/10/7 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/06/18/1 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter."
},
{
"lang": "es",
"value": "Packages.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objetos PHP y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro de array themechanges."
}
],
"id": "CVE-2016-5726",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-09T15:59:01.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-05 15:15
Modified
2024-11-21 06:54
Severity ?
Summary
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E4A157-0F14-445E-9816-25679DE67657",
"versionEndIncluding": "2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor\u0027s position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server."
},
{
"lang": "es",
"value": "SimpleMachinesForum versiones 2.1.1 y anteriores, permiten a administradores remotos autenticados ejecutar c\u00f3digo arbitrario al insertar un c\u00f3digo php vulnerable porque los temas pueden ser modificados por un administrador"
}
],
"id": "CVE-2022-26982",
"lastModified": "2024-11-21T06:54:54.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-05T15:15:08.553",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-21 07:15
Modified
2025-04-21 13:15
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/Fewword/Poc/blob/main/smf/smf-poc6.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.300543 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.300543 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.512001 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF35AE54-3B18-4459-900E-95D9F3D7E9BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SimpleMachines SMF 2.1.4. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo ManageNews.php. La manipulaci\u00f3n del argumento asunto/mensaje provoca ataques de cross site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha divulgado p\u00fablicamente y podr\u00eda utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n."
}
],
"id": "CVE-2025-2583",
"lastModified": "2025-04-21T13:15:57.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-03-21T07:15:37.157",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc6.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.300543"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.300543"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.512001"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-09 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop."
},
{
"lang": "es",
"value": "LogInOut.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objetos PHP y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores relacionados con las variables derivadas de la entrada del usuario en un bucle foreach."
}
],
"id": "CVE-2016-5727",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-09T15:59:01.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/3522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/3522"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2025-04-12 10:46
Severity ?
Summary
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F627D530-8577-42A2-96C8-5DF20FD19241",
"versionEndIncluding": "1.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4B7C0924-F85C-40FD-BC9F-5EE53890A411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta4.1:*:*:*:*:*:*",
"matchCriteriaId": "2114971F-15FC-440D-9D33-A7E6B7D3F59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5329B90A-7445-4FB4-858B-D635ABEA0EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4B0D55E2-0320-4215-9A5A-A0BFB610D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "94DE27DB-1B1E-4CF5-9FA1-DF032502B71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A5EB9970-8CBA-4720-93CF-84C488872070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "88E050C4-E6B4-4FDE-A83E-CC98B969D3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F924AC18-B3A4-4E8E-9993-301F53F6FE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "38E1CB35-4103-4404-8D50-A721FF99B1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "CF59A8D2-6321-4823-B94F-5B889566948C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B0DFADF1-3B8A-4670-B332-2FC4EF85D7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1EA2D287-8BE8-4428-B112-E1385DFFB783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C03C87DB-6604-444B-AFB5-D80CCA9ED105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F361B121-0997-49A1-A19A-D24993387131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "80A86957-5B72-4253-8B79-FC05CE564F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta2.1:*:*:*:*:*:*",
"matchCriteriaId": "31C69C1D-5EF5-4C6D-856A-05A5CC412E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C9DE5EB6-E432-408A-AB75-D8488B443B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta3.1:*:*:*:*:*:*",
"matchCriteriaId": "3DEEFF9F-CED8-494A-81FD-B1B8E70B2807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FE36B704-A3B2-4A22-BF88-10BFD2F57C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41B55F0F-EA85-4D0A-B1F3-3D154F9C661C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24674663-6C74-461B-89EA-73FC2CB69DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "30151B7B-FE60-473B-881A-B401DEE7741F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "442CCC37-8DD0-4061-8B45-E8E5674CAFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "65EA52AB-234F-4485-B253-E0ABA40DFC90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "717154E9-F66D-4AA0-8D3C-F44282BAA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AD2EC0-1514-446E-A945-BA6CDBB975A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF) anterior a 1.1.19 y 2.x anterior a 2.0.6 permite a atacantes remotos suplantar usuarios arbitrarios a trav\u00e9s de m\u00faltiples caracteres de espacio."
}
],
"id": "CVE-2013-7235",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:47.623",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "cve@mitre.org",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-07 14:15
Modified
2024-11-21 01:47
Severity ?
Summary
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/17/5 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/31/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/02/01/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/17/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/31/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/02/01/4 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EA48D5-FBF4-415F-85D8-10DA8D0D109F",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File Disclosure in SMF (SimpleMachines Forum) \u003c= 2.0.3: Forum admin can read files such as the database config."
},
{
"lang": "es",
"value": "Una Divulgaci\u00f3n de Archivos en SMF (SimpleMachines Forum) versiones anteriores a 2.0.3 incluy\u00e9ndola: el administrador del foro puede leer archivos tales como el database config."
}
],
"id": "CVE-2013-0192",
"lastModified": "2024-11-21T01:47:02.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-07T14:15:10.920",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-12 16:15
Modified
2024-11-21 01:55
Severity ?
Summary
Simple Machines Forum (SMF) through 2.0.5 has XSS
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/10/01/8 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/10/02/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/10/02/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/10/01/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/10/02/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/10/02/3 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE3B1FA-5A5A-4261-A4DE-E68B96309997",
"versionEndIncluding": "2.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) through 2.0.5 has XSS"
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF) versiones hasta 2.0.5, presenta una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2013-4395",
"lastModified": "2024-11-21T01:55:29.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-12T16:15:11.020",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-07 23:29
Modified
2024-11-21 02:01
Severity ?
Summary
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter."
},
{
"lang": "es",
"value": "Simple Machines Forum (SMF), en su versi\u00f3n 2.0.4, permite la inyecci\u00f3n de c\u00f3digo PHP mediante el par\u00e1metro dictionary en index.php?action=admin;area=languages;sa=editlang."
}
],
"id": "CVE-2013-7468",
"lastModified": "2024-11-21T02:01:04.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-07T23:29:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE3B1FA-5A5A-4261-A4DE-E68B96309997",
"versionEndIncluding": "2.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68BFA80B-10BE-48FA-A9F8-8FC163BBD18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8DC2DE-AC37-4494-ADEC-581D26A34AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E23F5F-8068-4EBD-87C8-4B8F4F89CDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3A2DBF-6B9F-4B30-84F5-5AAB75B606C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "559D77F1-149B-4821-952E-2E06D5E3F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1126ED56-1AD9-49AC-9A49-3803912F127E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "46B2AA68-7B2F-4AD3-982D-3CFCEA40643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "25A66112-67BE-4103-975F-D198698BE50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "45E1F0FF-F232-4275-ADB7-F94AA3EE8964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB14433-1E1A-4FA9-894F-3D79443DE5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A97C8C51-68F1-459D-B03C-B213F68654E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "54B195D4-40DB-49F5-9AC4-B83D99DE1981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "60F37A70-AA61-4AE0-8920-15ACBE1AEA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C4BC27-5F7E-474E-B474-BFDABFE173FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6877EF64-339A-47F6-835D-DC558B3619F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6986D103-9B4A-47B5-BAF6-FDA81FC16158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4D15A07F-5513-4925-8312-0603EAF387D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "575B6D4F-D694-4DED-AEBB-D34629D41FC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1A1-BB63-4918-B025-3E1ECACDC6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4643B638-C3F6-4CFC-9501-8D7FDC287C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3350A780-870C-4482-879B-1F80676CE2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE07B07-9CD5-4F30-8F51-A79CCD467FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FAD5-5063-4258-84E4-8B430D05AF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF1364E-1796-43B5-941A-052E3FA63EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F48ABB45-0DD0-4113-B998-E27D246317A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC624B-F259-4A57-8E75-36101B15AC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B533493-36FF-47D2-9924-7277BA3550E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81C9A-5DB5-491B-AF8A-FD87E7A7ACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CA96EA1B-256C-4E42-999B-B2EC30A82E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39376239-D851-4614-9F54-4DE077DA2BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEBAF17-902E-441A-AE39-A2457522866B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7223B467-DFEC-4D01-9FA4-537151DBD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDDA21E-F192-45A0-8E53-1CDC614D58B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6932E5C3-47C2-414B-8D79-A2FC70C9DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD39E15-2741-4B54-B78D-F5C4FBF596DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "880D38A1-308F-46F4-A3D9-4278506CD84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A709B4-EBAE-4B45-BA9C-F3FB1A787790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA543E42-55B7-454A-8E65-017DD537DDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5863684-6E4F-4972-B853-A8CECE8FC101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6EACAE2B-9ADD-4B3E-9770-F4EEE4F29862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "65ECB5EA-AFC0-4B1D-84E2-22F90A0A728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA503D5C-94A2-43F3-B70A-07539A834850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC7978C-B3BE-479C-8733-DDD5100A9CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBD4174-51EE-4A3A-AE72-297F33F09905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7AD0D1-655E-41F7-B40D-B62DAF96D124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A5363B-BB3B-4F51-9DA3-6136E3E79760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "774F215A-067D-4597-9EA0-B5393F089062",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
},
{
"lang": "es",
"value": "vulnerabilidad de subida sin restricci\u00f3n de archivos en la funcionalidad avatar upload en Simple Machines Forum antes de 2.0.6 y 2.1 que permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la carga de un archivo con una extensi\u00f3n ejecutable , y a continuaci\u00f3n, acceder a \u00e9l a trav\u00e9s de una petici\u00f3n directa al archivo en un directorio no especificado ."
}
],
"evaluatorComment": "CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html",
"id": "CVE-2013-4465",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-25T23:55:04.130",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/63275"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-22 06:15
Modified
2024-11-21 04:22
Severity ?
Summary
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.simplemachines.org/community/index.php?topic=570986.0 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=gCVeFoxZ1DI | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.simplemachines.org/community/index.php?topic=570986.0 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=gCVeFoxZ1DI | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplemachines | simple_machines_forum | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6136E745-6D95-4E2D-83BF-BB5DA52A5622",
"versionEndExcluding": "2.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Simple Machines Forum (SMF) versiones anteriores a 2.0.16. Un tabnabbing inverso puede presentarse debido al uso de _blank para enlaces externos."
}
],
"id": "CVE-2019-12490",
"lastModified": "2024-11-21T04:22:57.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T06:15:10.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.simplemachines.org/community/index.php?topic=570986.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.simplemachines.org/community/index.php?topic=570986.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-7437 (GCVE-0-2024-7437)
Vulnerability from cvelistv5
Published
2024-08-03 14:31
Modified
2024-08-10 06:26
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-99 - Improper Control of Resource Identifiers
Summary
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SimpleMachines | SMF |
Version: 2.1.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:simplemachines:simple_machine_forum:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_machine_forum",
"vendor": "simplemachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7437",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:21:49.377339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:24:08.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Delete User Handler"
],
"product": "SMF",
"vendor": "SimpleMachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fewwords (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php?action=profile;u=2;area=showalerts;do=remove der Komponente Delete User Handler. Durch das Manipulieren des Arguments aid mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-99",
"description": "CWE-99 Improper Control of Resource Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-10T06:26:10.103Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273522 | SimpleMachines SMF Delete User index.php resource injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273522"
},
{
"name": "VDB-273522 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273522"
},
{
"name": "Submit #380189 | SimpleMachines SMF 2.1.4 Insecure Direct Object Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.380189"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-10T08:31:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "SimpleMachines SMF Delete User index.php resource injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7437",
"datePublished": "2024-08-03T14:31:04.930Z",
"dateReserved": "2024-08-02T21:22:25.233Z",
"dateUpdated": "2024-08-10T06:26:10.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2582 (GCVE-0-2025-2582)
Vulnerability from cvelistv5
Published
2025-03-21 06:31
Modified
2025-04-21 12:41
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SimpleMachines | SMF |
Version: 2.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T13:56:58.651390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T13:57:15.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SMF",
"vendor": "SimpleMachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fewwords (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei ManageAttachments.php. Dank der Manipulation des Arguments Notice mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T12:41:42.523Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300542 | SimpleMachines SMF ManageAttachments.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300542"
},
{
"name": "VDB-300542 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300542"
},
{
"name": "Submit #511999 | SimpleMachines SMF 2.1.4 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.511999"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc3.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc4.md"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2025-03-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-20T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-21T14:46:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "SimpleMachines SMF ManageAttachments.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2582",
"datePublished": "2025-03-21T06:31:04.195Z",
"dateReserved": "2025-03-20T22:59:14.375Z",
"dateUpdated": "2025-04-21T12:41:42.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5726 (GCVE-0-2016-5726)
Vulnerability from cvelistv5
Published
2017-02-09 15:00
Modified
2024-08-06 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5726",
"datePublished": "2017-02-09T15:00:00",
"dateReserved": "2016-06-18T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26982 (GCVE-0-2022-26982)
Vulnerability from cvelistv5
Published
2022-04-05 00:00
Modified
2024-08-03 05:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor\u0027s position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt"
},
{
"url": "http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26982",
"datePublished": "2022-04-05T00:00:00",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T05:18:39.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7468 (GCVE-0-2013-7468)
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7468",
"datePublished": "2019-03-07T22:00:00",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4395 (GCVE-0-2013-4395)
Vulnerability from cvelistv5
Published
2020-02-12 15:33
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XSS
Summary
Simple Machines Forum (SMF) through 2.0.5 has XSS
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMF",
"vendor": "SMF",
"versions": [
{
"status": "affected",
"version": "through 2.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) through 2.0.5 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T15:33:53",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMF",
"version": {
"version_data": [
{
"version_value": "through 2.0.5"
}
]
}
}
]
},
"vendor_name": "SMF"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) through 2.0.5 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/10/01/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/8"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/10/02/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/10/02/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4395",
"datePublished": "2020-02-12T15:33:53",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7234 (GCVE-0-2013-7234)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"name": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/",
"refsource": "MISC",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource": "CONFIRM",
"url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7234",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-29T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10305 (GCVE-0-2018-10305)
Vulnerability from cvelistv5
Published
2018-04-24 02:00
Modified
2024-08-05 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:06.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.simplemachines.org/community/index.php?topic=557176.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-24T02:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.simplemachines.org/community/index.php?topic=557176.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.simplemachines.org/community/index.php?topic=557176.0",
"refsource": "MISC",
"url": "https://www.simplemachines.org/community/index.php?topic=557176.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10305",
"datePublished": "2018-04-24T02:00:00",
"dateReserved": "2018-04-23T00:00:00",
"dateUpdated": "2024-08-05T07:39:06.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7235 (GCVE-0-2013-7235)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"name": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/",
"refsource": "MISC",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource": "CONFIRM",
"url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7235",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-29T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4465 (GCVE-0-2013-4465)
Vulnerability from cvelistv5
Published
2013-10-25 23:00
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"name": "63275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63275"
},
{
"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-25T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt"
},
{
"name": "63275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63275"
},
{
"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SimpleMachines/SMF2.1/issues/701",
"refsource": "CONFIRM",
"url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
},
{
"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource": "CONFIRM",
"url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
},
{
"name": "63275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63275"
},
{
"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4465",
"datePublished": "2013-10-25T23:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-16T22:09:41.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7236 (GCVE-0-2013-7236)
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"name": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/",
"refsource": "MISC",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7236",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-29T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5068 (GCVE-0-2009-5068)
Vulnerability from cvelistv5
Published
2020-01-15 20:27
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- file disclosure
Summary
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMF",
"vendor": "SMF",
"versions": [
{
"status": "affected",
"version": "through 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "file disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T20:27:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMF",
"version": {
"version_data": [
{
"version_value": "through 2.0.3"
}
]
}
}
]
},
"vendor_name": "SMF"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/01/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5068",
"datePublished": "2020-01-15T20:27:08",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7467 (GCVE-0-2013-7467)
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html",
"refsource": "MISC",
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7467",
"datePublished": "2019-03-07T22:00:00",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0192 (GCVE-0-2013-0192)
Vulnerability from cvelistv5
Published
2020-02-07 13:29
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- file exposure
Summary
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMF",
"vendor": "SMF",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "File Disclosure in SMF (SimpleMachines Forum) \u003c= 2.0.3: Forum admin can read files such as the database config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "file exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T13:29:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMF",
"version": {
"version_data": [
{
"version_value": "\u003c= 2.0.3"
}
]
}
}
]
},
"vendor_name": "SMF"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "File Disclosure in SMF (SimpleMachines Forum) \u003c= 2.0.3: Forum admin can read files such as the database config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/01/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/5"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/01/31/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/01/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0192",
"datePublished": "2020-02-07T13:29:07",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7466 (GCVE-0-2013-7466)
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html",
"refsource": "MISC",
"url": "http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7466",
"datePublished": "2019-03-07T22:00:00",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12490 (GCVE-0-2019-12490)
Vulnerability from cvelistv5
Published
2020-01-22 05:10
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.simplemachines.org/community/index.php?topic=570986.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T05:10:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.simplemachines.org/community/index.php?topic=570986.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.simplemachines.org/community/index.php?topic=570986.0",
"refsource": "MISC",
"url": "https://www.simplemachines.org/community/index.php?topic=570986.0"
},
{
"name": "https://www.youtube.com/watch?v=gCVeFoxZ1DI",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12490",
"datePublished": "2020-01-22T05:10:39",
"dateReserved": "2019-05-30T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5727 (GCVE-0-2016-5727)
Vulnerability from cvelistv5
Published
2017-02-09 15:00
Modified
2024-08-06 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/3522"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c"
},
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SimpleMachines/SMF2.1/issues/3522"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c"
},
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SimpleMachines/SMF2.1/issues/3522",
"refsource": "CONFIRM",
"url": "https://github.com/SimpleMachines/SMF2.1/issues/3522"
},
{
"name": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c",
"refsource": "CONFIRM",
"url": "https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c"
},
{
"name": "[oss-security] 20160618 Re: Simple Machines Forums - PHP Object Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/18/1"
},
{
"name": "[oss-security] 20160610 Simple Machines Forums - PHP Object Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5727",
"datePublished": "2017-02-09T15:00:00",
"dateReserved": "2016-06-18T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2583 (GCVE-0-2025-2583)
Vulnerability from cvelistv5
Published
2025-03-21 06:31
Modified
2025-04-21 12:41
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SimpleMachines | SMF |
Version: 2.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T12:46:42.953502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T12:47:00.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SMF",
"vendor": "SimpleMachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fewwords (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei ManageNews.php. Dank Manipulation des Arguments subject/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T12:41:44.675Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300543 | SimpleMachines SMF ManageNews.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300543"
},
{
"name": "VDB-300543 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300543"
},
{
"name": "Submit #512001 | SimpleMachines SMF 2.1.4 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.512001"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc6.md"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2025-03-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-20T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-21T14:46:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "SimpleMachines SMF ManageNews.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2583",
"datePublished": "2025-03-21T06:31:06.127Z",
"dateReserved": "2025-03-20T22:59:17.047Z",
"dateUpdated": "2025-04-21T12:41:44.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7438 (GCVE-0-2024-7438)
Vulnerability from cvelistv5
Published
2024-08-03 15:31
Modified
2024-08-10 06:26
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-99 - Improper Control of Resource Identifiers
Summary
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SimpleMachines | SMF |
Version: 2.1.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_machines_forum",
"vendor": "simplemachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7438",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T16:07:57.411421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T16:10:53.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"User Alert Read Status Handler"
],
"product": "SMF",
"vendor": "SimpleMachines",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fewwords (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In SimpleMachines SMF 2.1.4 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /index.php?action=profile;u=2;area=showalerts;do=read der Komponente User Alert Read Status Handler. Durch Manipulieren des Arguments aid mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-99",
"description": "CWE-99 Improper Control of Resource Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-10T06:26:12.241Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273523 | SimpleMachines SMF User Alert Read Status index.php resource injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273523"
},
{
"name": "VDB-273523 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273523"
},
{
"name": "Submit #380190 | SimpleMachines SMF 2.1.4 Insecure Direct Object Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.380190"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-10T08:31:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "SimpleMachines SMF User Alert Read Status index.php resource injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7438",
"datePublished": "2024-08-03T15:31:03.669Z",
"dateReserved": "2024-08-02T21:22:28.219Z",
"dateUpdated": "2024-08-10T06:26:12.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}