Lucene search
K
SimplemachinesSimple Machines Forum

20 matches found

CVE
CVE
added 2020/01/22 5:10 a.m.117 views

CVE-2019-12490

SMF contains a reverse tabnabbing flaw (CVE-2019-12490) in which external links opened with _blank can enable credential theft when a user visits a crafted site. Affected: Simple Machines Forum before 2.0.16. Root cause: improper handling of external links (target="_blank"). Impact documented as ...

6.5CVSS6.4AI score0.01574EPSS
CVE
CVE
added 2022/04/05 12:0 a.m.99 views

CVE-2022-26982

CVE-2022-26982 affects SimpleMachinesForum versions 2.1.1 and earlier. Affected scenario: remote authenticated administrators can execute arbitrary PHP code by inserting vulnerable PHP code through theme modification (e.g., via Admin.template.php) because themes can be altered by an administrator...

7.2CVSS7.2AI score0.09186EPSS
Web
CVE
CVE
added 2025/03/21 6:31 a.m.77 views

CVE-2025-2583

The CVE-2025-2583 entry concerns SimpleMachines SMF 2.1.4, with a cross-site scripting flaw in ManageNews.php triggered by manipulating the subject/message argument. Exploitation is described as possible remotely, and public PoCs are referenced, but the real existence of the vulnerability is expl...

6.1CVSS4.9AI score0.00362EPSS
Web
CVE
CVE
added 2020/01/15 8:27 p.m.76 views

CVE-2009-5068

The CVE concerns Simple Machines Forum (SMF) up to version 2.0.3. In some deployments, co-admins with access to the same SMF instance can read arbitrary files, including settings.php containing database passwords, enabling privilege escalation. No specific exploit details or mitigations are provi...

7.2CVSS6.8AI score0.01732EPSS
CVE
CVE
added 2025/03/21 6:31 a.m.70 views

CVE-2025-2582

The CVE-2025-2582 entry describes a cross-site scripting vulnerability in Simple Machines Forum (SMF) version 2.1.4, affecting the ManageAttachments.php file. The vulnerability results from manipulation of the Notice argument, enabling XSS. It is reported as exploitable remotely and the exploit h...

5.4CVSS4.6AI score0.00355EPSS
CVE
CVE
added 2017/02/09 3:0 p.m.64 views

CVE-2016-5726

CVE-2016-5726 affects SMF 2.1, where Packages.php is vulnerable to a PHP object injection via the themechanges array parameter, enabling remote code execution. The vulnerability stems from how user-supplied data within that parameter is processed, allowing an attacker to craft payloads that execu...

9.8CVSS9.7AI score0.01566EPSS
CVE
CVE
added 2018/04/24 2:0 a.m.56 views

CVE-2018-10305

CVE-2018-10305 (SMF) affects Simple Machines Forum prior to 2.0.15. The root cause is the MessageSearch2 function in PersonalMessage.php not properly using the possible_users variable in a query, enabling a remote attacker to bypass intended access restrictions. Impact is a security bypass of acc...

9.8CVSS9.3AI score0.01165EPSS
CVE
CVE
added 2020/02/07 1:29 p.m.51 views

CVE-2013-0192

CVE-2013-0192 affects Simple Machines Forum (SMF) up to version 2.0.3. The vulnerability is a file disclosure that enables a forum admin to read sensitive files, such as the database configuration, indicating insufficient access restrictions when handling file operations. The available sources (N...

4.9CVSS5.1AI score0.0376EPSS
CVE
CVE
added 2013/10/25 11:0 p.m.51 views

CVE-2013-4465

The CVE-2013-4465 issue affects Simple Machines Forum (SMF) prior to versions 2.0.6 and 2.1, where the avatar upload functionality permits an unrestricted file upload. The root cause is that an uploaded file with an executable extension can be stored and later retrieved via a direct request to a ...

4.6CVSS7.6AI score0.02376EPSS
CVE
CVE
added 2014/04/29 2:0 p.m.50 views

CVE-2013-7235

CVE-2013-7235 affects Simple Machines Forum (SMF) prior to 1.1.19 and SMF 2.x prior to 2.0.6. The vulnerability allows remote attackers to impersonate arbitrary users by exploiting multiple consecutive space characters in authentication-related input. The root cause appears to be improper handlin...

7.5CVSS7AI score0.01527EPSS
CVE
CVE
added 2019/03/07 10:0 p.m.48 views

CVE-2013-7468

Affected software: Simple Machines Forum (SMF) 2.0.4. Vulnerability: PHP Code Injection via the dictionary parameter in the index.php?action=admin;area=languages;sa=editlang path. Root cause (as described): unsafely processed user-supplied dictionary parameter enables code execution. Impact (as s...

8.1CVSS8.4AI score0.0168EPSS
CVE
CVE
added 2014/04/29 2:0 p.m.47 views

CVE-2013-7234

CVE-2013-7234 affects Simple Machines Forum (SMF). The vulnerability exists in SMF versions prior to 1.1.19 and prior to 2.0.6, where an improper handling of the page framing allows remote attackers to perform clickjacking via an X-Frame-Options header. The NVD entry lists this as a remote, heade...

4.3CVSS6.9AI score0.0118EPSS
CVE
CVE
added 2019/03/07 10:0 p.m.47 views

CVE-2013-7467

CVE-2013-7467 : Concrete details across multiple sources show that Simple Machines Forum (SMF) 2.0.4 is vulnerable to a cross-site scripting (XSS) issue. The vulnerability is triggered by the parameter in index.php with action=pm;sa=settings;save sa, allowing injection of script that can affect u...

6.1CVSS6.5AI score0.00848EPSS
CVE
CVE
added 2017/02/09 3:0 p.m.44 views

CVE-2016-5727

CVE-2016-5727 affects Simple Machines Forum (SMF) 2.1. The vulnerability allows remote attackers to perform PHP object injection and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. The description indicates an input-derived injection in LogIn...

8.8CVSS8.9AI score0.01527EPSS
CVE
CVE
added 2024/08/03 3:31 p.m.44 views

CVE-2024-7438

CVE-2024-7438 affects SimpleMachines SMF 2.1.4. The issue resides in the User Alert Read Status Handler, specifically the file /index.php?action=profile;u=2;area=showalerts;do=read. Manipulating the parameter aid leads to improper control of resource identifiers. The vulnerability is exploitable ...

5.3CVSS4.8AI score0.00484EPSS
CVE
CVE
added 2020/02/12 3:33 p.m.41 views

CVE-2013-4395

CVE-2013-4395 affects Simple Machines Forum (SMF) up to version 2.0.5, with a cross-site scripting (XSS) vulnerability. The connected records confirm the product and vulnerability class but do not provide technical details such as vulnerable components, exploit vectors, affected configurations, r...

6.1CVSS6AI score0.00986EPSS
CVE
CVE
added 2024/08/03 2:31 p.m.40 views

CVE-2024-7437

Affected software: SimpleMachines SMF 2.1.4. Vulnerability exists in the Delete User Handler component: /index.php?action=profile;u=2;area=showalerts;do=remove, where manipulation of the aid argument leads to improper control of resource identifiers. It enables remote attack and has publicly disc...

5.5CVSS5.7AI score0.00442EPSS
CVE
CVE
added 2014/04/29 2:0 p.m.38 views

CVE-2013-7236

CVE-2013-7236 affects Simple Machines Forum (SMF) versions 2.0.6, 1.1.19 and earlier. The root cause is a Unicode homoglyph character in a username that allows a remote attacker to impersonate arbitrary users. The public texts report this as a user-impersonation flaw without providing concrete ex...

7.5CVSS7AI score0.01527EPSS
CVE
CVE
added 2019/03/07 10:0 p.m.37 views

CVE-2013-7466

CVE-2013-7466 affects Simple Machines Forum (SMF) 2.0.4. The issue is a local file inclusion vulnerability in install.php that can execute remote code via an ../ directory traversal in the db_type parameter if install.php remains after installation. This is documented to enable remote code execut...

8.8CVSS8.7AI score0.04006EPSS
CVE
CVE
added 2025/12/18 12:0 a.m.25 views

CVE-2025-67163

CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF

6.1CVSS5.2AI score0.00206EPSS