Vulnerabilities (CVE)

Filtered by vendor Simplemachines Subscribe
Filtered by product Simple Machine Forum
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11574 1 Simplemachines 1 Simple Machine Forum 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
CVE-2005-4891 1 Simplemachines 1 Simple Machine Forum 2024-02-28 7.5 HIGH 9.8 CRITICAL
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.