4 matches found
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...
Design/Logic Flaw
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...
CVE-2018-10305
CVE-2018-10305 (SMF) affects Simple Machines Forum prior to 2.0.15. The root cause is the MessageSearch2 function in PersonalMessage.php not properly using the possible_users variable in a query, enabling a remote attacker to bypass intended access restrictions. Impact is a security bypass of acc...
Simple Machines Forum Access Restriction Bypass Vulnerability
Simple Machines Forum is an open source, Internet forum, message board program developed by Simple Machines. An access restriction bypass vulnerability exists in Simple Machines Forum before 2.0.15. The vulnerability arises because the MessageSearch2 function in PersonalMessage.php in Simple...