Simple Machines Forum

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-03	CVE-2024-7438	Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. network low complexity simplemachines CWE-639	4.3
2024-08-03	CVE-2024-7437	Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. network low complexity simplemachines CWE-639	4.3
2022-04-05	CVE-2022-26982	Code Injection vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. network low complexity simplemachines CWE-94	7.2
2020-02-12	CVE-2013-4395	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS network simplemachines CWE-79	4.3
2020-02-07	CVE-2013-0192	Information Exposure vulnerability in Simplemachines Simple Machines Forum File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. network low complexity simplemachines CWE-200	4.0
2020-01-22	CVE-2019-12490	Unspecified vulnerability in Simplemachines Simple Machines Forum An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. network simplemachines	4.3
2020-01-15	CVE-2009-5068	Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. network simplemachines CWE-312	3.5
2019-03-07	CVE-2013-7468	Code Injection vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. network simplemachines CWE-94	6.8
2019-03-07	CVE-2013-7467	Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. network simplemachines CWE-79	4.3
2019-03-07	CVE-2013-7466	Path Traversal vulnerability in Simplemachines Simple Machines Forum 2.0.4 Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. network low complexity simplemachines CWE-22	6.5