Description
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/30/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/30/3
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/83
Various Sources x_refsource_misc
http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/
Scores
EPSS
0.0153
EPSS Percentile
71.7%
Details
CWE
CWE-20
Status
published
Products (37)
simplemachines/simple_machines_forum
1.0 (7 CPE variants)
simplemachines/simple_machines_forum
1.0.1
simplemachines/simple_machines_forum
1.0.2
simplemachines/simple_machines_forum
1.0.3
simplemachines/simple_machines_forum
1.0.4
simplemachines/simple_machines_forum
1.0.5
simplemachines/simple_machines_forum
1.0.6
simplemachines/simple_machines_forum
1.0.7
simplemachines/simple_machines_forum
1.0.8
simplemachines/simple_machines_forum
1.0.9
... and 27 more
Published
Apr 29, 2014
Tracked Since
Feb 18, 2026