Product

Simple Machines Forum 1.1.14


View All Versions

Security Grade

436

of 1000

SECURITY GRADE

Vulnerability History

Weakness Analysis

Related Vulnerabilities

Vulnerability Severity Score Release Date Summary
CVE-2013-4465 4.6 Oct. 25, 2013

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

CVE-2013-7235 7.5 April 29, 2014

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.

CVE-2013-7236 7.5 April 29, 2014

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.

CVE-2013-7234 4.3 April 29, 2014

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

Followers