CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4891

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile17.86th
Published2020年1月15日
Last Modified2024年11月21日

Vulnerability Description

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

Affected Platforms (CPE)

📦
Simplemachines

Simple Machine Forum

<= 1.0.4

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2012/11/14/10
🔗 https://securiteam.com/exploits/5HP0N0KG0O/
🔗 http://www.openwall.com/lists/oss-security/2012/11/14/10
🔗 https://securiteam.com/exploits/5HP0N0KG0O/

関連する脆弱性情報

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2019-115749.8

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.p...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2016-57269.8

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitr...