CVE-2024-7438

Source
https://cve.org/CVERecord?id=CVE-2024-7438
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7438.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7438
Published
2024-08-03T15:31:03.669Z
Modified
2026-07-15T01:49:01.200965160Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
SimpleMachines SMF User Alert Read Status index.php resource injection
Details

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Database specific
{
    "cwe_ids": [
        "CWE-99"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7438.json",
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.1.4"
                },
                {
                    "last_affected": "2.1.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type
GIT
Repo
https://github.com/simplemachines/smf
Events
Database specific
{
    "cpe": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.1.4"
        },
        {
            "last_affected": "2.1.4"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.1.4
v2.*
v2.1.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7438.json"