Simple Machines Forum@2.0.4 Security Vulnerabilities and Issues — Simple Machines Forum@2.0.4 CVE List

Lucene search

SimplemachinesSimple Machines Forum2.0.4

6 matches found

CVE•added 2013/10/25 11:55 p.m.•36 views

CVE-2013-4465

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified ...

4.6CVSS7.6AI score0.01273EPSS

CVE•added 2014/04/29 2:38 p.m.•36 views

CVE-2013-7235

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.

7.5CVSS7AI score0.00675EPSS

CVE•added 2014/04/29 2:38 p.m.•35 views

CVE-2013-7234

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

4.3CVSS6.9AI score0.00357EPSS

CVE•added 2019/03/07 11:29 p.m.•34 views

CVE-2013-7468

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.

8.1CVSS8.4AI score0.00487EPSS

CVE•added 2019/03/07 11:29 p.m.•31 views

CVE-2013-7467

Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.

6.1CVSS6.5AI score0.0024EPSS

CVE•added 2019/03/07 11:29 p.m.•27 views

CVE-2013-7466

Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.

8.8CVSS8.7AI score0.01188EPSS