3 matches found
Simple Machines Forum 2.1.4 Code Injection
Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...
CVE-2024-7438
CVE-2024-7438 affects SimpleMachines SMF 2.1.4. The issue resides in the User Alert Read Status Handler, specifically the file /index.php?action=profile;u=2;area=showalerts;do=read. Manipulating the parameter aid leads to improper control of resource identifiers. The vulnerability is exploitable ...
CVE-2024-7437
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of...