CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7438 – SimpleMachines SMF User Alert Read Status index.php resource injection
https://notcve.org/view.php?id=CVE-2024-7438
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md https://vuldb.com/?ctiid.273523 https://vuldb.com/?id.273523 https://vuldb.com/?submit.380190 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7437 – SimpleMachines SMF Delete User index.php resource injection
https://notcve.org/view.php?id=CVE-2024-7437
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. • https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md https://vuldb.com/?ctiid.273522 https://vuldb.com/?id.273522 https://vuldb.com/?submit.380189 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 2CVE-2022-26982 – SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-26982
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server. SimpleMachinesForum versiones 2.1.1 y anteriores, permiten a administradores remotos autenticados ejecutar código arbitrario al insertar un código php vulnerable porque los temas pueden ser modificados por un administrador SimpleMachinesForum version 2.1.1 suffers from an authenticated remote code execution vulnerability. • https://www.exploit-db.com/exploits/51057 http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11574
https://notcve.org/view.php?id=CVE-2019-11574
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. Se detectó un problema en Simple Machines Forum (SMF) versiones anteriores a 2.0.17. Se presenta un ataque de tipo SSRF relacionado con los archivos Subs-Package.php y Subs.php porque los datos suministrados por el usuario son utilizados directamente en llamadas curl. • https://pastebin.com/raw/prE3iiLm https://www.simplemachines.org/community/index.php?board=1.0 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4395
https://notcve.org/view.php?id=CVE-2013-4395
Simple Machines Forum (SMF) through 2.0.5 has XSS Simple Machines Forum (SMF) versiones hasta 2.0.5, presenta una vulnerabilidad de tipo XSS. • http://www.openwall.com/lists/oss-security/2013/10/01/8 http://www.openwall.com/lists/oss-security/2013/10/02/1 http://www.openwall.com/lists/oss-security/2013/10/02/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •