Vulnerabilities > Simple Machines > SMF
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-17 | CVE-2012-5903 | Cross-Site Scripting vulnerability in Simple Machines SMF 2.0.2 Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | 4.3 |
| 2009-07-08 | CVE-2009-2385 | SQL Injection vulnerability in Fustrate Member Awards 1.0.2 SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. | 7.5 |
| 2008-04-30 | CVE-2008-2019 | Permissions, Privileges, and Access Controls vulnerability in Simple Machines SMF 1.1.4 Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. | 7.5 |
| 2006-12-07 | CVE-2006-6375 | HTML Injection vulnerability in SMF Image File Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. network simple-machines | 6.8 |
| 2004-05-05 | CVE-2004-1996 | HTML Injection vulnerability in Simple Machines SMF 1.0Beta4.1/1.0Beta4P/1.0Beta5P Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. network simple-machines | 4.3 |