
CVE-2011-1131
https://notcve.org/view.php?id=CVE-2011-1131
21 Jun 2011 — The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2008-6971 – Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password
https://notcve.org/view.php?id=CVE-2008-6971
13 Aug 2009 — The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. • https://www.exploit-db.com/exploits/6392 • CWE-255: Credentials Management Errors •

CVE-2006-4564
https://notcve.org/view.php?id=CVE-2006-4564
06 Sep 2006 — SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •