Vulnerabilities > Simplemachines

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2022-26982 Incorrect Permission Assignment for Critical Resource vulnerability in Simplemachines Simple Machines Forum
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.
network
low complexity
simplemachines CWE-732
6.5
2020-03-20 CVE-2019-11574 Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17.
network
low complexity
simplemachines CWE-918
7.5
2020-02-12 CVE-2013-4395 Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum
Simple Machines Forum (SMF) through 2.0.5 has XSS
4.3
2020-02-07 CVE-2013-0192 Information Exposure vulnerability in Simplemachines Simple Machines Forum
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
network
low complexity
simplemachines CWE-200
4.0
2020-01-22 CVE-2019-12490 Unspecified vulnerability in Simplemachines Simple Machines Forum
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16.
network
simplemachines
4.3
2020-01-15 CVE-2009-5068 Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3.
3.5
2020-01-15 CVE-2005-4891 SQL Injection vulnerability in Simplemachines Simple Machine Forum
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
network
low complexity
simplemachines CWE-89
7.5
2019-03-07 CVE-2013-7468 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
6.8
2019-03-07 CVE-2013-7467 Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
4.3
2019-03-07 CVE-2013-7466 Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
network
low complexity
simplemachines CWE-22
6.5