Vulnerabilities > Simplemachines
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-06-21 | CVE-2011-1127 | Permissions, Privileges, and Access Controls vulnerability in Simplemachines SMF SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2009-08-13 | CVE-2008-6971 | Credentials Management vulnerability in Simplemachines SMF The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. | 7.5 |
2006-09-06 | CVE-2006-4564 | SQL Injection vulnerability in Simplemachines SMF 1.1 SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | 5.1 |