Simple Machines Simple Machines Forum — known CVE vulnerabilities
Every CVE whose affected-product data names Simple Machines Simple Machines Forum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2008-6741 — CVSS 7.5 (high): SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL…
CVE-2005-4159 — CVSS 7.5 (high): NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum…
CVE-2006-4467 — CVSS 7.5 (high): Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a…
CVE-2006-7013 — CVSS 7.5 (high): QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the…
CVE-2007-3308 — CVSS 7.5 (high): Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which…
CVE-2007-3309 — CVSS 7.5 (high): Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or…
CVE-2008-3072 — CVSS 7.5 (high): Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random…
CVE-2008-3073 — CVSS 7.5 (high): Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors…
CVE-2008-6544 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP…
CVE-2007-5646 — CVSS 6.8 (medium): SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to…
CVE-2008-6657 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows…
CVE-2007-2546 — CVSS 6.8 (medium): Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting…
CVE-2007-0399 — CVSS 6.0 (medium): Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to…
CVE-2007-3942 — CVSS 5.8 (medium): Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via…
CVE-2008-6659 — CVSS 5.5 (medium): Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote…
CVE-2005-2817 — CVSS 5.0 (medium): Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor…
CVE-2007-5943 — CVSS 5.0 (medium): Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the…
CVE-2006-5504 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script…
CVE-2006-5503 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary…
CVE-2006-0896 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject…
CVE-2008-6658 — CVSS 4.0 (medium): Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote…