{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7437","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-08-02T21:22:25.233Z","datePublished":"2024-08-03T14:31:04.930Z","dateUpdated":"2024-08-10T06:26:10.103Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-08-10T06:26:10.103Z"},"title":"SimpleMachines SMF Delete User index.php resource injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-99","lang":"en","description":"CWE-99 Improper Control of Resource Identifiers"}]}],"affected":[{"vendor":"SimpleMachines","product":"SMF","versions":[{"version":"2.1.4","status":"affected"}],"modules":["Delete User Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php?action=profile;u=2;area=showalerts;do=remove der Komponente Delete User Handler. Durch das Manipulieren des Arguments aid mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.5,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P"}}],"timeline":[{"time":"2024-08-02T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-08-02T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-08-10T08:31:03.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Fewwords (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.273522","name":"VDB-273522 | SimpleMachines SMF Delete User index.php resource injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.273522","name":"VDB-273522 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.380189","name":"Submit #380189 | SimpleMachines SMF 2.1.4 Insecure Direct Object Reference","tags":["third-party-advisory"]},{"url":"https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"simplemachines","product":"simple_machine_forum","cpes":["cpe:2.3:a:simplemachines:simple_machine_forum:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.1.4","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-06T14:21:49.377339Z","id":"CVE-2024-7437","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-06T14:24:08.526Z"}}]}}