CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

SimpleMachinesForum 2.1.1 Remote Code Execution

Exploit Title: SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26982 Confirmed on release 2.1.1 Vendor: https://download.simplemachines.org/ Note- Once we insert the vulnerabl...

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Vulnerability

Exploit Title: SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26982 Confirmed on release 2.1.1 Vendor: https://download.simplemachines.org/ Note- Once we insert the vulnerable php code, we can ev...

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

Code injection

DISPUTED SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to...

CVE-2022-26982

CVE-2022-26982 affects SimpleMachinesForum versions 2.1.1 and earlier. Affected scenario: remote authenticated administrators can execute arbitrary PHP code by inserting vulnerable PHP code through theme modification (e.g., via Admin.template.php) because themes can be altered by an administrator...

Simple Machines Forum <= 1.1.5 Password Reset Security Bypass Vulnerability

Simple Machines Forum 1.1.5 Password Reset Security Bypass Vulnerability. CVE-2008-6971. Webapps exploit for php platform source: http://www.securityfocus.com/bid/33219/info Simple Machines Forum is prone to a security-bypass vulnerability because it fails to adequately restrict access to the...

smf-reset.txt

?php echo "---------------------------------------------------------------\n"; echo "SMF = 1.1.5 Admin Reset Password Exploit win32-based servers\n"; echo "coded by Raz0r http://Raz0r.name/\n"; echo "---------------------------------------------------------------\n"; if $argc3 echo "USAGE:\n"; ec...