CVE-2024-7437

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7437

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7437.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7437

Published

2024-08-03T15:15:58Z

Modified

2024-10-08T04:25:20.336791Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type: GIT
Repo: https://github.com/simplemachines/smf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

19a9de63d8b895c6f931137bba09c3d5a79caf52

Affected versions

2.*

2.1beta1

v2.*

v2.1-beta.1

v2.1-beta.2

v2.1-beta.3

v2.1-rc.1

v2.1-rc.2

v2.1-rc.3

v2.1-rc.4

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4