Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-03	CVE-2024-7438	Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. network low complexity simplemachines CWE-639	4.3
2024-08-03	CVE-2024-7437	Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. network low complexity simplemachines CWE-639	4.3
2020-02-12	CVE-2013-4395	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS network simplemachines CWE-79	4.3
2020-02-07	CVE-2013-0192	Information Exposure vulnerability in Simplemachines Simple Machines Forum File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. network low complexity simplemachines CWE-200	4.0
2020-01-22	CVE-2019-12490	Unspecified vulnerability in Simplemachines Simple Machines Forum An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. network simplemachines	4.3
2019-03-07	CVE-2013-7468	Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. network simplemachines CWE-94	6.8
2019-03-07	CVE-2013-7467	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. network simplemachines CWE-79	4.3
2019-03-07	CVE-2013-7466	Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. network low complexity simplemachines CWE-22	6.5
2017-02-09	CVE-2016-5727	Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. network simplemachines CWE-94	6.8
2011-10-24	CVE-2011-4173	Cross-Site Request Forgery (CSRF) vulnerability in Simplemachines SMF 2.0 Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. network simplemachines CWE-352	6.8