Vulnerabilities > Simplemachines > Simple Machines Forum > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-24 | CVE-2018-10305 | Unspecified vulnerability in Simplemachines Simple Machines Forum The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | 9.8 |
| 2017-02-09 | CVE-2016-5726 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 9.8 |