CVE-2024-7437 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
VulDB	CNA	5.4 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Vendor	Product	Version
simplemachines	simple_machines_forum	2.1.4

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md

Common Weakness Enumeration

CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md

https://vuldb.com/?ctiid.273522

https://vuldb.com/?id.273522

https://vuldb.com/?submit.380189