Vulnerabilities > Simplemachines
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-26982 | Incorrect Permission Assignment for Critical Resource vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. | 7.2 |
2020-03-20 | CVE-2019-11574 | Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. | 7.5 |
2020-02-12 | CVE-2013-4395 | Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS | 4.3 |
2020-02-07 | CVE-2013-0192 | Information Exposure vulnerability in Simplemachines Simple Machines Forum File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. | 4.0 |
2020-01-22 | CVE-2019-12490 | Unspecified vulnerability in Simplemachines Simple Machines Forum An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. network simplemachines | 4.3 |
2020-01-15 | CVE-2009-5068 | Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. | 3.5 |
2020-01-15 | CVE-2005-4891 | SQL Injection vulnerability in Simplemachines Simple Machine Forum Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | 7.5 |
2019-03-07 | CVE-2013-7468 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. | 6.8 |
2019-03-07 | CVE-2013-7467 | Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | 4.3 |
2019-03-07 | CVE-2013-7466 | Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | 6.5 |