Simplemachines » Simple Machines Forum : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2018-10305

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
Max CVSS
9.8
EPSS Score
0.18%
Published
2018-04-24
Updated
2019-10-03

CVE-2016-5727

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Max CVSS
8.8
EPSS Score
0.49%
Published
2017-02-09
Updated
2017-02-23

CVE-2016-5726

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-02-09
Updated
2017-02-23

CVE-2013-7468

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
Max CVSS
8.1
EPSS Score
0.40%
Published
2019-03-07
Updated
2019-03-08

CVE-2013-7466

Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
Max CVSS
8.8
EPSS Score
0.29%
Published
2019-03-07
Updated
2019-03-12
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close