Vulnerabilities > Simplemachines > Simple Machines Forum > 1.0.22
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-26982 | Code Injection vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. | 7.2 |
2020-02-12 | CVE-2013-4395 | Cross-site Scripting vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) through 2.0.5 has XSS | 4.3 |
2020-02-07 | CVE-2013-0192 | Information Exposure vulnerability in Simplemachines Simple Machines Forum File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. | 4.0 |
2020-01-22 | CVE-2019-12490 | Unspecified vulnerability in Simplemachines Simple Machines Forum An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. network simplemachines | 4.3 |
2020-01-15 | CVE-2009-5068 | Cleartext Storage of Sensitive Information vulnerability in Simplemachines Simple Machines Forum There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. | 3.5 |
2018-04-24 | CVE-2018-10305 | Unspecified vulnerability in Simplemachines Simple Machines Forum The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | 7.5 |
2014-04-29 | CVE-2013-7236 | Improper Input Validation vulnerability in Simplemachines Simple Machines Forum Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | 7.5 |