Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Simple Php Forum Security Vulnerabilities

cve
cve

CVE-2008-6544

Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. ....

7.9AI Score

0.136EPSS

2009-03-30 01:30 AM
36
cve
cve

CVE-2008-6741

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a ""...

8.7AI Score

0.001EPSS

2009-04-21 06:30 PM
20
cve
cve

CVE-2008-6659

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action,...

6.9AI Score

0.018EPSS

2009-04-07 07:30 PM
24
cve
cve

CVE-2008-3072

Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack...

6.6AI Score

0.002EPSS

2008-07-08 06:41 PM
23
cve
cve

CVE-2007-5564

Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a...

5.8AI Score

0.002EPSS

2007-10-18 08:17 PM
22
cve
cve

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a...

7.6AI Score

0.016EPSS

2007-06-21 01:30 AM
26
cve
cve

CVE-2006-7088

Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2)...

9AI Score

0.002EPSS

2007-03-02 09:18 PM
21
cve
cve

CVE-2006-4467

Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read...

6.8AI Score

0.054EPSS

2006-08-31 08:04 PM
20
cve
cve

CVE-2005-2817

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious...

6.4AI Score

0.01EPSS

2005-09-07 07:07 PM
37