7 matches found
Sql injection
SQL injection vulnerability in Load.php in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the dbcharacterset parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "" backslash...
CVE-2008-6741
SQL injection vulnerability in Load.php in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the dbcharacterset parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "" backslash...
CVE-2008-6544
Concretely, CVE-2008-6544 affects Simple Machines Forum (SMF) 1.1.4. The vulnerability is described as PHP remote file inclusion via the settings[default_theme_dir] parameter to two endpoints: Sources/Subs-Graphics.php and Sources/Themes.php. The underlying issue involves allowing a URL to influe...
Cross site scripting
Cross-site scripting XSS vulnerability in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 Itemid or 2 topic arguments...
CVE-2008-0284
Cross-site scripting XSS vulnerability in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 Itemid or 2 topic arguments...
CVE-2008-0284
CVE-2008-0284 affects Simple Machines Forum (SMF) 1.1.4 and earlier. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the Itemid or topic parameters. Impact described as enabling script execution in the context of the a...
Code injection
Simple Machines Forum SMF 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message...