Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HSimplemachines Simple Machines Forum
APPSimplemachines2.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2018-10305CRITICAL9.8ten sam produkt
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not prope...
CVE-2016-5726CRITICAL9.8ten sam produkt
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attack...
CVE-2022-26982HIGH7.2ten sam produkt
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by ...
CVE-2009-5068HIGH7.2ten sam produkt
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On ...
CVE-2013-7466HIGH8.8ten sam produkt
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in instal...