The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
References
Link | Resource |
---|---|
https://www.simplemachines.org/community/index.php?topic=557176.0 | Issue Tracking Vendor Advisory |
Configurations
Information
Published : 2018-04-23 19:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-10305
Mitre link : CVE-2018-10305
JSON object : View
CWE
Products Affected
simplemachines
- simple_machines_forum