CVE-2011-3615
Published 2011-10-24
Priority P338 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.14% (62.7th percentile)
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.
Affected
37 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simplemachines | smf | <= 1.1.14 | — |
| simplemachines | smf | — | — |
GHSA
GHSA-hwcm-xf66-v6mm · ghsa_unreviewed · 2022-05-17
CVE-2011-3615 [HIGH] CWE-89
GHSA
GHSA-gj7r-xvvj-mxwm · ghsa_unreviewed · 2022-05-17 · CVSS 7.5
CVE-2011-4173 [HIGH] CWE-352
Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://openwall.com/lists/oss-security/2011/10/09/3
http://openwall.com/lists/oss-security/2011/10/10/6
http://secunia.com/advisories/46386
http://www.simplemachines.org/community/index.php?topic=452888.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/70617
Published: 2011-10-24