Page 5 of 22 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor ** DISPUTADA ** El fabricante y terceras partes han disputado este asunto. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html http://www.securityfocus.com/archive/1/419068/100/0/threaded http://www.securityfocus.com/archive/1/419105/100/0/threaded http://www.securityfocus.com/archive/1/419250/100/0/threaded http://www.securityfocus.com/archive/1/419535/100/0/threaded http://www.securityfocus.com/bid/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/23546 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. • http://rgod.altervista.org/smf105.html http://seclists.org/lists/bugtraq/2005/Aug/0438.html http://secunia.com/advisories/16646 http://securitytracker.com/id?1014828 https://exchange.xforce.ibmcloud.com/vulnerabilities/22093 •