CVE-2005-4891

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1510%

EPSS Percentile17.86th

PublishedJan 15, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

Affected Platforms (CPE)

📦

Simplemachines

Simple Machine Forum

<= 1.0.4

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2012/11/14/10

🔗 https://securiteam.com/exploits/5HP0N0KG0O/

🔗 http://www.openwall.com/lists/oss-security/2012/11/14/10

🔗 https://securiteam.com/exploits/5HP0N0KG0O/

Related Vulnerabilities

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2019-115749.8

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.p...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2016-57269.8

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitr...