Simple Machines

Simple Machines Forum

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2008-6741

Exploit
  • EPSS 0.13%
  • Veröffentlicht 21.04.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the a...

5.5

CVE-2008-6659

Exploit
  • EPSS 3.55%
  • Veröffentlicht 07.04.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of ...

4

CVE-2008-6658

  • EPSS 1.15%
  • Veröffentlicht 07.04.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter...

6.8

CVE-2008-6657

Exploit
  • EPSS 1.48%
  • Veröffentlicht 07.04.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package param...

7.5

CVE-2008-6544

Exploit
  • EPSS 1.27%
  • Veröffentlicht 30.03.2009 01:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[defa...

7.5

CVE-2008-3073

  • EPSS 0.33%
  • Veröffentlicht 08.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."

7.5

CVE-2008-3072

  • EPSS 0.3%
  • Veröffentlicht 08.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.

5

CVE-2007-5943

  • EPSS 0.25%
  • Veröffentlicht 14.11.2007 01:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.

6.8

CVE-2007-5646

Exploit
  • EPSS 1.57%
  • Veröffentlicht 23.10.2007 21:47:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.

5.8

CVE-2007-3942

  • EPSS 0.25%
  • Veröffentlicht 21.07.2007 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parti...