CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7467
https://notcve.org/view.php?id=CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. Simple Machines Forum (SMF), en su versión 2.0.4, permite Cross-Site Scripting (XSS) mediante el parámetro sa en index.php?action=pm;sa=settings;save. • http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7468
https://notcve.org/view.php?id=CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. Simple Machines Forum (SMF), en su versión 2.0.4, permite la inyección de código PHP mediante el parámetro dictionary en index.php?action=admin;area=languages;sa=editlang. • https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10305
https://notcve.org/view.php?id=CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. La función MessageSearch2 en PersonalMessage.php en Simple Machines Forum (SMF), en versiones anteriores a la 2.0.15, no emplea correctamente la variable possible_users en una consulta, lo que podría permitir que los atacantes omitan las restricciones de acceso planeadas. • https://www.simplemachines.org/community/index.php?topic=557176.0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5727
https://notcve.org/view.php?id=CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. LogInOut.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de vectores relacionados con las variables derivadas de la entrada del usuario en un bucle foreach. • http://www.openwall.com/lists/oss-security/2016/06/10/7 http://www.openwall.com/lists/oss-security/2016/06/18/1 https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c https://github.com/SimpleMachines/SMF2.1/issues/3522 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5726
https://notcve.org/view.php?id=CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. Packages.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través del parámetro de array themechanges. • http://www.openwall.com/lists/oss-security/2016/06/10/7 http://www.openwall.com/lists/oss-security/2016/06/18/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •