CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11574
https://notcve.org/view.php?id=CVE-2019-11574
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. Se detectó un problema en Simple Machines Forum (SMF) versiones anteriores a 2.0.17. Se presenta un ataque de tipo SSRF relacionado con los archivos Subs-Package.php y Subs.php porque los datos suministrados por el usuario son utilizados directamente en llamadas curl. • https://pastebin.com/raw/prE3iiLm https://www.simplemachines.org/community/index.php?board=1.0 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2005-4891 – Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. Simple Machine Forum (SMF) versiones 1.0.4 y anteriores, presentan una vulnerabilidad de inyección SQL que permite a atacantes remotos inyectar sentencias SQL arbitrarias. • https://www.exploit-db.com/exploits/1057 http://www.openwall.com/lists/oss-security/2012/11/14/10 https://securiteam.com/exploits/5HP0N0KG0O • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •