Simplemachines: >> Simple Machine Forum >> 1.0 Security Vulnerabilities
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-03-20
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-01-15