Vulnerabilities > Simplemachines > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-26982 | Code Injection vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. | 7.2 |
| 2020-03-20 | CVE-2019-11574 | Server-Side Request Forgery (SSRF) vulnerability in Simplemachines Simple Machine Forum An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. | 7.5 |
| 2020-01-15 | CVE-2005-4891 | SQL Injection vulnerability in Simplemachines Simple Machine Forum Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | 7.5 |
| 2018-04-24 | CVE-2018-10305 | Unspecified vulnerability in Simplemachines Simple Machines Forum The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | 7.5 |
| 2017-02-09 | CVE-2016-5726 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 7.5 |
| 2014-04-29 | CVE-2013-7236 | Improper Input Validation vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | 7.5 |
| 2011-10-24 | CVE-2011-3615 | SQL Injection vulnerability in Simplemachines SMF Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. | 7.5 |
| 2011-06-21 | CVE-2011-1130 | Improper Input Validation vulnerability in Simplemachines SMF Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. | 7.5 |
| 2011-06-21 | CVE-2011-1128 | Cryptographic Issues vulnerability in Simplemachines SMF The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. | 7.5 |
| 2009-08-13 | CVE-2008-6971 | Credentials Management vulnerability in Simplemachines SMF The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. | 7.5 |