VYPR

Simple Machines Forum

by Simple Machines

CVEs (42)

  • CVE-2005-4159Dec 11, 2005
    risk 0.00cvss epss 0.01

    NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that…

  • CVE-2005-2817Sep 7, 2005
    risk 0.00cvss epss 0.02

    Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Page 3 of 3