Vulnerabilities > Simplemachines

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2005-4891 SQL Injection vulnerability in Simplemachines Simple Machine Forum
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
network
low complexity
simplemachines CWE-89
critical
 9.8
9.8
2019-03-07 CVE-2013-7468 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
network
high complexity
simplemachines CWE-94
8.1
8.1
2019-03-07 CVE-2013-7467 Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
network
low complexity
simplemachines CWE-79
6.1
6.1
2019-03-07 CVE-2013-7466 Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
network
low complexity
simplemachines CWE-22
8.8
8.8
2018-04-24 CVE-2018-10305 Unspecified vulnerability in Simplemachines Simple Machines Forum
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
network
low complexity
simplemachines
critical
 9.8
9.8
2017-02-09 CVE-2016-5727 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
network
low complexity
simplemachines CWE-94
8.8
8.8
2017-02-09 CVE-2016-5726 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
network
low complexity
simplemachines CWE-94
critical
 9.8
9.8