Vulnerabilities > Simplemachines > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-20 | CVE-2019-11574 | Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. | 9.8 |
| 2020-01-15 | CVE-2005-4891 | SQL Injection vulnerability in Simplemachines Simple Machine Forum Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | 9.8 |
| 2018-04-24 | CVE-2018-10305 | Unspecified vulnerability in Simplemachines Simple Machines Forum The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | 9.8 |
| 2017-02-09 | CVE-2016-5726 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 9.8 |