Shodan
Vulnerabilities
Vulnerable Software
Simplemachines:  Security Vulnerabilities
CVE-2009-5068
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
CVSS Score
7.2
EPSS Score
0.031
Published
2020-01-15
CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-15
CVE-2013-7466
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-03-07
CVE-2013-7467
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-07
CVE-2013-7468
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
CVSS Score
8.1
EPSS Score
0.005
Published
2019-03-07
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-04-24
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-02-09
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-02-09
CVE-2013-7234
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-04-29
CVE-2013-7235
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
CVSS Score
7.5
EPSS Score
0.007
Published
2014-04-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved