An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
References
Link | Resource |
---|---|
https://pastebin.com/raw/prE3iiLm | Exploit Third Party Advisory |
https://www.simplemachines.org/community/index.php?board=1.0 | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-03-20 23:15
Updated : 2024-02-28 17:47
NVD link : CVE-2019-11574
Mitre link : CVE-2019-11574
CVE.ORG link : CVE-2019-11574
JSON object : View
Products Affected
simplemachines
- simple_machine_forum
CWE
CWE-918
Server-Side Request Forgery (SSRF)