CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11574

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile38.09th
PublishedMar 20, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.

Affected Platforms (CPE)

πŸ“¦
Simplemachines

Simple Machine Forum

< 2.0.17

References & Advisories

πŸ”— https://pastebin.com/raw/prE3iiLm
πŸ”— https://www.simplemachines.org/community/index.php?board=1.0
πŸ”— https://pastebin.com/raw/prE3iiLm
πŸ”— https://www.simplemachines.org/community/index.php?board=1.0

Related Vulnerabilities

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2005-48919.8

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject a...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2016-57269.8

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitr...