CVE-2024-7437 | SimpleMachines SMF 2.1.4 Delete User index.php aid resource injection

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers.

This vulnerability is traded as CVE-2024-7437. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7437 | SimpleMachines SMF 2.1.4 Delete User index.php aid resource injection

Related Posts

CVE-2024-26266 | Liferay Portal/DXP first name/middle name/last name cross site scripting

CVE-2024-23514 | ClickToTweet Click To Tweet Plugin up to 2.0.14 on WordPress cross site scripting

CVE-2024-34164 | Intel MAS Software 2.3 uncontrolled search path (intel-sa-01161)

CVE-2021-47288 | Linux Kernel up to 5.13.5 media string.h ngene_command_config_free_buf array index