CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7438 – SimpleMachines SMF User Alert Read Status index.php resource injection
https://notcve.org/view.php?id=CVE-2024-7438
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md https://vuldb.com/?ctiid.273523 https://vuldb.com/?id.273523 https://vuldb.com/?submit.380190 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7437 – SimpleMachines SMF Delete User index.php resource injection
https://notcve.org/view.php?id=CVE-2024-7437
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md https://vuldb.com/?ctiid.273522 https://vuldb.com/?id.273522 https://vuldb.com/?submit.380189 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •