Simplemachines Simple Machine Forum — known CVE vulnerabilities
Every CVE whose affected-product data names Simplemachines Simple Machine Forum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2005-4891 — CVSS 9.8 (critical): Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary…
CVE-2019-11574 — CVSS 9.8 (critical): An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php…