2 matches found
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...
CVE-2018-10305
CVE-2018-10305 (SMF) affects Simple Machines Forum prior to 2.0.15. The root cause is the MessageSearch2 function in PersonalMessage.php not properly using the possible_users variable in a query, enabling a remote attacker to bypass intended access restrictions. Impact is a security bypass of acc...