CVE-2024-7438: SimpleMachines SMF User Alert Read Status index.php resource injection
First published: Sat Aug 03 2024(Updated: )
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simplemachines Simple Machines Forum | =2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/simplemachines
- canonical/simplemachines simple machines forum
- version/simplemachines simple machines forum/2.1.4