[{"vendor":"simplemachines","product":"simple_machine_forum","defaultStatus":"unknown","cpes":["cpe:2.3:a:simplemachines:simple_machine_forum:-:*:*:*:*:*:*:*"],"versions":[{"version":"2.1.4","status":"affected"}]}]

{"timestamp":"2024-08-06T14:21:49.377339Z","id":"CVE-2024-7437","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"SimpleMachines","product":"SMF","modules":["Delete User Handler"],"versions":[{"version":"2.1.4","status":"affected"}]}]

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

NIST CWE-639

OR
     *cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*

https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md No Types Assigned

https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md Exploit, Third Party Advisory

https://vuldb.com/?ctiid.273522 No Types Assigned

https://vuldb.com/?ctiid.273522 Permissions Required, VDB Entry

https://vuldb.com/?id.273522 No Types Assigned

https://vuldb.com/?id.273522 Permissions Required, VDB Entry

https://vuldb.com/?submit.380189 No Types Assigned

https://vuldb.com/?submit.380189 Third Party Advisory, VDB Entry

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273522 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273522 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

VulDB CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

VulDB AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

VulDB (AV:N/AC:L/Au:S/C:N/I:P/A:P)

VulDB CWE-99

VulDB https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md [No types assigned]

VulDB https://vuldb.com/?ctiid.273522 [No types assigned]

VulDB https://vuldb.com/?id.273522 [No types assigned]

VulDB https://vuldb.com/?submit.380189 [No types assigned]