307 matches found
CVE-2011-1131
The PlushSearch2 function in Search.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created,...
CVE-2011-1127
SSI.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2011-4173
Cross-site request forgery CSRF vulnerability in Simple Machines Forum SMF 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtaine...
CVE-2013-4395
Simple Machines Forum SMF through 2.0.5 has XSS...
CVE-2011-1128
The loadUserSettings function in Load.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack...
CVE-2011-1129
Cross-site scripting XSS vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a saveitems action...
CVE-2009-5068
There is a file disclosure vulnerability in SMF Simple Machines Forum affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesyste...
📄 ezPortal 5.6 SQL Injection
ezPortal version 5.6 for Simple Machines Forum suffers from a SQL injection issue that may be exploitable. Exploit Title: ezportal Advisory Portal Mod for SMF Local SQL injection Google Dork: inurl:index.php?action=ezportal Date: 2025-05-08 Exploit Author: Emiliano Febbi Vendor Homepage:...
PT-2025-12400 · Simple Machines · Simplemachines Smf
Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability was found in SimpleMachines SMF, affecting an unknown part of the file ManageNews.php. The manipulation of the subject/message argument leads to cross-site scripting. It is possibl...
SMF(Simple Machines Forum) 跨站脚本漏洞
SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF Simple Machines Forum version 2.1.4, which stems from improper manipulation of the Notice parameter in the ManageAttachments.php file, and...
SMF 跨站脚本漏洞
SMF Simple Machines Forum is a free, open source community forum project by Simple Machines Open Source. A cross-site scripting vulnerability exists in SMF version 2.1.4, which stems from improper manipulation of the subject/message parameter in the ManageNews.php file, which could lead to a...
PT-2024-38348 · Simple Machines · Simplemachines Smf
Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability has been found in the User Alert Read Status Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=read. The manipulation of the aid argument...
SMF 安全漏洞
SMF Simple Machines Forum is a free, open source community forum project from Simple Machines Open Source. A security vulnerability exists in SMF version 2.1.4 that stems from manipulation of the parameter aid resulting in improper control of resource identifiers...
PT-2024-38347 · Simple Machines · Simplemachines Smf
Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A critical issue was found in the Delete User Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=remove. The manipulation of the aid argument leads to...
CVE-2022-26982
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...
PT-2022-18161 · Unknown · Simple Machines Forum
Name of the Vulnerable Software and Affected Versions: SimpleMachinesForum versions 2.1.1 and earlier Description: The issue allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code because themes can be modified by an administrator. The vendor's...
SimpleMachinesForum 代码注入漏洞
SimpleMachinesForum is an open source forum software. A code injection vulnerability exists in SimpleMachinesForum version 2.1.1 and earlier versions, which allows an authenticated, remote attacker to execute arbitrary code by inserting vulnerable php code...
Simple Machines Forum (SMF) < 2.0.17 SSRF Vulnerability
Simple Machines Forum SMF is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Simple Machines Forum Code Issue Vulnerability
Simple Machines Forum SMF is an open source web forum system by the SMF team in the United States. A code issue vulnerability exists in Simple Machines Forum SMF release prior to version 2.0.17. No details of the vulnerability are available at this time...
CVE-2019-11574
An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...