Vulnerabilities > Simplemachines

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-05	CVE-2022-26982	Incorrect Permission Assignment for Critical Resource vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. network low complexity simplemachines CWE-732	6.5
2020-03-20	CVE-2019-11574	Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. network low complexity simplemachines CWE-918	7.5
2020-02-12	CVE-2013-4395	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS network simplemachines CWE-79	4.3
2020-02-07	CVE-2013-0192	Information Exposure vulnerability in Simplemachines Simple Machines Forum File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. network low complexity simplemachines CWE-200	4.0
2020-01-22	CVE-2019-12490	Unspecified vulnerability in Simplemachines Simple Machines Forum An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. network simplemachines	4.3
2020-01-15	CVE-2009-5068	Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. network simplemachines CWE-312	3.5
2020-01-15	CVE-2005-4891	SQL Injection vulnerability in Simplemachines Simple Machine Forum Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. network low complexity simplemachines CWE-89	7.5
2019-03-07	CVE-2013-7468	Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. network simplemachines CWE-94	6.8
2019-03-07	CVE-2013-7467	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. network simplemachines CWE-79	4.3
2019-03-07	CVE-2013-7466	Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. network low complexity simplemachines CWE-22	6.5

Vulnerabilities > Simplemachines {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Simplemachines"}]}

Vulnerabilities > Simplemachines