Vulnerabilities (CVE)

Filtered by vendor Simplemachines Subscribe

Filtered by product Simple Machines Forum

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-10305	1 Simplemachines	1 Simple Machines Forum	2019-10-03	7.5 HIGH	9.8 CRITICAL
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
CVE-2016-5726	1 Simplemachines	1 Simple Machines Forum	2017-02-23	7.5 HIGH	9.8 CRITICAL
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.