Vulnerabilities > Simplemachines > SMF > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-24 | CVE-2011-4173 | Cross-Site Request Forgery (CSRF) vulnerability in Simplemachines SMF 2.0 Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. | 6.8 |
| 2011-06-21 | CVE-2011-1131 | Information Exposure vulnerability in Simplemachines SMF The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. | 5.0 |
| 2006-09-06 | CVE-2006-4564 | SQL Injection vulnerability in Simplemachines SMF 1.1 SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | 5.1 |