Vulnerabilities > Simplemachines

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2019-11574 Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17.
network
low complexity
simplemachines CWE-918
7.5
2020-02-12 CVE-2013-4395 Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum
Simple Machines Forum (SMF) through 2.0.5 has XSS
4.3
2020-02-07 CVE-2013-0192 Information Exposure vulnerability in Simplemachines Simple Machines Forum
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
network
low complexity
simplemachines CWE-200
4.0
2020-01-22 CVE-2019-12490 Unspecified vulnerability in Simplemachines Simple Machines Forum
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16.
network
simplemachines
4.3
2020-01-15 CVE-2009-5068 Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3.
3.5
2020-01-15 CVE-2005-4891 SQL Injection vulnerability in Simplemachines Simple Machine Forum
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
network
low complexity
simplemachines CWE-89
7.5
2019-03-07 CVE-2013-7468 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
6.8
2019-03-07 CVE-2013-7467 Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
4.3
2019-03-07 CVE-2013-7466 Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
network
low complexity
simplemachines CWE-22
6.5
2018-04-24 CVE-2018-10305 Unspecified vulnerability in Simplemachines Simple Machines Forum
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
network
low complexity
simplemachines
7.5