CVE-2005-4891

CRITICAL

Simple Machine Forum <1.0.4 - SQL Injection

Title source: llm

Description

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GulfTech Security · perlwebappsphp

https://www.exploit-db.com/exploits/1057

View Code ZIP pw:eip

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2012/11/14/10

[Exploit, Third Party Advisory] https://securiteam.com/exploits/5HP0N0KG0O/

Scores

CVSS v3 9.8

EPSS 0.0037

EPSS Percentile 58.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

simplemachines/simple_machine_forum < 1.0.4

Published Jan 15, 2020

Tracked Since Feb 18, 2026