Simplemachines

Simple Machines Forum

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-67163

  • EPSS 0.09%
  • Veröffentlicht 18.12.2025 20:16:08
  • Zuletzt bearbeitet 31.12.2025 19:58:37

A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.

6.1

CVE-2025-2583

Exploit
  • EPSS 0.2%
  • Veröffentlicht 21.03.2025 06:31:06
  • Zuletzt bearbeitet 21.04.2025 13:15:57

A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to i...

5.4

CVE-2025-2582

Exploit
  • EPSS 0.2%
  • Veröffentlicht 21.03.2025 06:31:04
  • Zuletzt bearbeitet 21.04.2025 13:15:56

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The at...

4.3

CVE-2024-7438

Exploit
  • EPSS 0.12%
  • Veröffentlicht 03.08.2024 16:15:49
  • Zuletzt bearbeitet 11.09.2024 14:39:12

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read St...

4.3

CVE-2024-7437

Exploit
  • EPSS 0.1%
  • Veröffentlicht 03.08.2024 15:15:58
  • Zuletzt bearbeitet 11.09.2024 14:39:10

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of th...

7.2

CVE-2022-26982

Exploit
  • EPSS 8.05%
  • Veröffentlicht 05.04.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:54:54

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators a...

6.1

CVE-2013-4395

  • EPSS 0.27%
  • Veröffentlicht 12.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 01:55:29

Simple Machines Forum (SMF) through 2.0.5 has XSS

4.9

CVE-2013-0192

  • EPSS 5.92%
  • Veröffentlicht 07.02.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 01:47:02

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

6.5

CVE-2019-12490

Exploit
  • EPSS 0.36%
  • Veröffentlicht 22.01.2020 06:15:10
  • Zuletzt bearbeitet 21.11.2024 04:22:57

An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.

7.2

CVE-2009-5068

  • EPSS 3.27%
  • Veröffentlicht 15.01.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:11:06

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability all...