Page 3 of 28 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. Simple Machines Forum (SMF), en su versión 2.0.4, permite Cross-Site Scripting (XSS) mediante el parámetro sa en index.php?action=pm;sa=settings;save. • http://hauntit.blogspot.com/2013/04/en-smf-204-full-disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. Simple Machines Forum (SMF), en su versión 2.0.4, permite la inyección de código PHP mediante el parámetro dictionary en index.php?action=admin;area=languages;sa=editlang. • https://packetstormsecurity.com/files/121391/public_phpInjection-smf204.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. La función MessageSearch2 en PersonalMessage.php en Simple Machines Forum (SMF), en versiones anteriores a la 2.0.15, no emplea correctamente la variable possible_users en una consulta, lo que podría permitir que los atacantes omitan las restricciones de acceso planeadas. • https://www.simplemachines.org/community/index.php?topic=557176.0 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. LogInOut.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de vectores relacionados con las variables derivadas de la entrada del usuario en un bucle foreach. • http://www.openwall.com/lists/oss-security/2016/06/10/7 http://www.openwall.com/lists/oss-security/2016/06/18/1 https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c https://github.com/SimpleMachines/SMF2.1/issues/3522 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. Packages.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través del parámetro de array themechanges. • http://www.openwall.com/lists/oss-security/2016/06/10/7 http://www.openwall.com/lists/oss-security/2016/06/18/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •