Filtered by vendor Simplemachines
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11574 | 1 Simplemachines | 1 Simple Machine Forum | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | |||||
| CVE-2005-4891 | 1 Simplemachines | 1 Simple Machine Forum | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | |||||
| CVE-2018-10305 | 1 Simplemachines | 1 Simple Machines Forum | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||||