Filtered by vendor Simplemachines Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1128 1 Simplemachines 1 Smf 2024-11-21 N/A
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
CVE-2011-1127 1 Simplemachines 1 Smf 2024-11-21 N/A
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2009-5068 1 Simplemachines 1 Simple Machines Forum 2024-11-21 7.2 High
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
CVE-2008-6971 1 Simplemachines 1 Smf 2024-11-21 N/A
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
CVE-2006-4564 1 Simplemachines 1 Smf 2024-11-21 N/A
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.
CVE-2005-4891 1 Simplemachines 1 Simple Machine Forum 2024-11-21 9.8 Critical
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
CVE-2024-7438 1 Simplemachines 1 Simple Machines Forum 2024-09-11 4.3 Medium
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7437 1 Simplemachines 2 Simple Machine Forum, Simple Machines Forum 2024-09-11 5.4 Medium
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.