Simple Machines Forum
CVE-2013-7236
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
AnalysisAI
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. Affected products include: Simplemachines Simple Machines Forum.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Simple Machines Forum
View allSimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use th
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.
A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and exec
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users vi
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks v
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), t
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today