返回 CVE 瀏覽器

CVE-2019-11574

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0250%

EPSS Percentile38.09th

Published2020年3月20日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.

Affected Platforms (CPE)

📦

Simplemachines

Simple Machine Forum

< 2.0.17

References & Advisories

🔗 https://pastebin.com/raw/prE3iiLm

🔗 https://www.simplemachines.org/community/index.php?board=1.0

🔗 https://pastebin.com/raw/prE3iiLm

🔗 https://www.simplemachines.org/community/index.php?board=1.0

相關漏洞威脅

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2005-48919.8

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject a...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2016-57269.8

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitr...