Vulnerabilities > Simple Machines > SMF > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-07-08 | CVE-2009-2385 | SQL Injection vulnerability in Fustrate Member Awards 1.0.2 SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. | 7.5 |
| 2008-04-30 | CVE-2008-2019 | Permissions, Privileges, and Access Controls vulnerability in Simple Machines SMF 1.1.4 Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. | 7.5 |