4 matches found
CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arb...
CVE-2006-5504
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64-encoded params value in the action parameter.
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machines Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
CVE-2006-5503
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.