Skip to main content

Simple Machines Forum CVE-2013-7234

MEDIUM
Improper Input Validation (CWE-20)
2014-04-29 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 29, 2014 - 14:38 cve.org
MEDIUM 4.3

DescriptionCVE.org

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

AnalysisAI

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Affected products include: Simplemachines Simple Machines Forum. Version information: before 1.1.19.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-26982 HIGH POC
7.2 Apr 05

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting

CVE-2016-5726 CRITICAL
9.8 Feb 09

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec

CVE-2018-10305 CRITICAL
9.8 Apr 24

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use th

CVE-2024-7438 MEDIUM POC
5.3 Aug 03

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.

CVE-2024-7437 MEDIUM POC
5.3 Aug 03

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.

CVE-2025-2583 MEDIUM POC
5.1 Mar 21

A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely

CVE-2016-5727 HIGH
8.8 Feb 09

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec

CVE-2013-7235 HIGH
7.5 Apr 29

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users vi

CVE-2013-7236 HIGH
7.5 Apr 29

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unic

CVE-2013-4465 MEDIUM
4.6 Oct 25

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1

CVE-2025-2582 MEDIUM POC
5.1 Mar 21

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), t

Share

CVE-2013-7234 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy