CVE-2024-7438

03.08.2024, 16:15

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Resource Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
VulDB	CNA	4.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
simplemachines	simple_machines_forum	2.1.4

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md

Common Weakness Enumeration

References

https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md

https://vuldb.com/?ctiid.273523

https://vuldb.com/?id.273523

https://vuldb.com/?submit.380190