298 matches found
CVE-2026-61520 Simple Machines Forum SSRF via image proxy
Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...
CVE-2026-61520
The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...
CVE-2026-39903
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
EUVD-2026-42941
Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...
CVE-2026-39903
The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...
CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
CVE-2026-39903
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
CVE-2026-39903 Simple Machines Forum Authorization Bypass via AttachmentApprove.php
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...
CVE-2019-11574
An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...
CVE-2019-12490
An issue was discovered in Simple Machines Forum SMF before 2.0.16. Reverse tabnabbing can occur because of use of blank for external links...
Simple Machines Forum (SMF) <= 2.1.6 XSS Vulnerability
Simple Machines Forum SMF is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
PT-2025-52332
Name of the Vulnerable Software and Affected Versions Simple Machines Forum version 2.1.6 Description A stored cross-site scripting XSS issue exists in Simple Machines Forum. Successful exploitation allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
CVE-2025-67163
A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...
CVE-2025-67163
CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF
Simple Machines Forum 安全漏洞
Simple Machines Forum SMF is an open source web forum system from the US-based SMF team. A security vulnerability exists in Simple Machines Forum version 2.1.6, which stems from improper handling of specially crafted inputs to the Forum Name parameter, and could lead to a stored cross-site...