CVE-2024-7438 | SimpleMachines SMF 2.1.4 User Alert Read Status index.php aid resource injection

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers.

This vulnerability is known as CVE-2024-7438. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7438 | SimpleMachines SMF 2.1.4 User Alert Read Status index.php aid resource injection

Post correlati

CVE-2024-8611 | itsourcecode Tailoring Management System 1.0 ssms.php customer sql injection

CVE-2024-25101 | Maspik Spam Blacklist Plugin up to 0.10.6 on WordPress Setting cross site scripting

CVE-2023-4464 | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Diagnostic Telnet Mode os command injection (MZ-23-01)

CVE-2023-52603 | Linux Kernel up to 6.7.3 UBSAN fs/jfs/jfs_dtree.c array index