Simple Machines Forum@1.1 rc2 Security Vulnerabilities and Issues — Simple Machines Forum@1.1 rc2 CVE List

Lucene search

Simple MachinesSimple Machines Forum1.1 rc2

5 matches found

CVE•added 2009/04/07 7:30 p.m.•47 views

CVE-2008-6657

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

6.8CVSS7.3AI score0.01476EPSS

CVE•added 2009/04/07 7:30 p.m.•43 views

CVE-2008-6658

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a ...

4CVSS6.6AI score0.01153EPSS

CVE•added 2006/10/25 10:7 p.m.•42 views

CVE-2006-5504

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.

4.3CVSS5.9AI score0.00409EPSS

CVE•added 2009/04/07 7:30 p.m.•39 views

CVE-2008-6659

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, rel...

5.5CVSS6.9AI score0.03554EPSS

CVE•added 2006/10/25 10:7 p.m.•30 views

CVE-2006-5503

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3CVSS6AI score0.00416EPSS