Lucene search
K

307 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:48 a.m.9 views

CVE-2011-1131

The PlushSearch2 function in Search.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created,...

5CVSS6.5AI score0.01242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 a.m.9 views

CVE-2011-1127

SSI.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors...

10CVSS7.2AI score0.02211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:26 a.m.11 views

CVE-2011-4173

Cross-site request forgery CSRF vulnerability in Simple Machines Forum SMF 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtaine...

7.5CVSS7.3AI score0.01144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:18 a.m.6 views

CVE-2013-4395

Simple Machines Forum SMF through 2.0.5 has XSS...

6.1CVSS7AI score0.00986EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:25 a.m.7 views

CVE-2011-1128

The loadUserSettings function in Load.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack...

7.5CVSS7.1AI score0.01386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:25 a.m.5 views

CVE-2011-1129

Cross-site scripting XSS vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a saveitems action...

3.5CVSS5.5AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:5 p.m.18 views

CVE-2009-5068

There is a file disclosure vulnerability in SMF Simple Machines Forum affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesyste...

7.2CVSS6.9AI score0.01732EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/05/08 12:0 a.m.75 views

📄 ezPortal 5.6 SQL Injection

ezPortal version 5.6 for Simple Machines Forum suffers from a SQL injection issue that may be exploitable. Exploit Title: ezportal Advisory Portal Mod for SMF Local SQL injection Google Dork: inurl:index.php?action=ezportal Date: 2025-05-08 Exploit Author: Emiliano Febbi Vendor Homepage:...

8.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/21 12:0 a.m.5 views

PT-2025-12400 · Simple Machines · Simplemachines Smf

Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability was found in SimpleMachines SMF, affecting an unknown part of the file ManageNews.php. The manipulation of the subject/message argument leads to cross-site scripting. It is possibl...

6.1CVSS3.7AI score0.00362EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/03/21 12:0 a.m.5 views

SMF(Simple Machines Forum) 跨站脚本漏洞

SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF Simple Machines Forum version 2.1.4, which stems from improper manipulation of the Notice parameter in the ManageAttachments.php file, and...

5.4CVSS4.2AI score0.00355EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/21 12:0 a.m.5 views

SMF 跨站脚本漏洞

SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF version 2.1.4, which stems from improper manipulation of the subject/message parameter in the ManageNews.php file, which could lead to a...

6.1CVSS4.2AI score0.00362EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.7 views

PT-2024-38348 · Simple Machines · Simplemachines Smf

Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability has been found in the User Alert Read Status Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=read. The manipulation of the aid argument...

5.3CVSS5.8AI score0.00484EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.10 views

SMF 安全漏洞

SMF Simple Machines Forum is a free, open source community forum project from Simple Machines Open Source. A security vulnerability exists in SMF version 2.1.4 that stems from manipulation of the parameter aid resulting in improper control of resource identifiers...

5.3CVSS4.8AI score0.00484EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.6 views

PT-2024-38347 · Simple Machines · Simplemachines Smf

Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A critical issue was found in the Delete User Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=remove. The manipulation of the aid argument leads to...

5.5CVSS6AI score0.00442EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2022/04/05 3:15 p.m.2 views

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

7.2CVSS6.2AI score0.09186EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.6 views

PT-2022-18161 · Unknown · Simple Machines Forum

Name of the Vulnerable Software and Affected Versions: SimpleMachinesForum versions 2.1.1 and earlier Description: The issue allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code because themes can be modified by an administrator. The vendor's...

7.2CVSS7.7AI score0.09186EPSS
Exploits4References7
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.6 views

SimpleMachinesForum 代码注入漏洞

SimpleMachinesForum is an open source forum software. A code injection vulnerability exists in SimpleMachinesForum version 2.1.1 and earlier versions, which allows an authenticated, remote attacker to execute arbitrary code by inserting vulnerable php code...

7.2CVSS7.7AI score0.09186EPSS
Exploits4References5
OpenVAS
OpenVAS
added 2020/03/24 12:0 a.m.265 views

Simple Machines Forum (SMF) < 2.0.17 SSRF Vulnerability

Simple Machines Forum SMF is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.5AI score0.0147EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/23 12:0 a.m.3 views

Simple Machines Forum Code Issue Vulnerability

Simple Machines Forum SMF is an open source web forum system by the SMF team in the United States. A code issue vulnerability exists in Simple Machines Forum SMF release prior to version 2.0.17. No details of the vulnerability are available at this time...

9.8CVSS7.1AI score0.0147EPSS
Exploits1References1
OSV
OSV
added 2020/03/20 11:15 p.m.4 views

CVE-2019-11574

An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...

9.8CVSS5.8AI score0.0147EPSS
Exploits1References2
Rows per page
Query Builder