exploitDog

CVE-2018-10305

Опубликовано: 24 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.

Ссылки

https://www.simplemachines.org/community/index.php?topic=557176.0
Issue Tracking
Vendor Advisory
https://www.simplemachines.org/community/index.php?topic=557176.0
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 2.0.15 (исключая)

EPSS

Процентиль: 60%

0.004

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-qchh-6285-3cqf

CVSS3: 9.8

github

больше 3 лет назад

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.

EPSS

Процентиль: 60%

0.004

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo