An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
References
Link | Resource |
---|---|
https://pastebin.com/raw/prE3iiLm | Exploit Third Party Advisory |
https://www.simplemachines.org/community/index.php?board=1.0 | Release Notes Vendor Advisory |
Configurations
Information
Published : 2020-03-20 16:15
Updated : 2020-03-25 06:22
NVD link : CVE-2019-11574
Mitre link : CVE-2019-11574
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
simplemachines
- simple_machine_forum