CVE-2024-7438

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-7438

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7438.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-7438

Published

2024-08-03T16:15:49.270Z

Modified

2025-11-16T11:57:29.879571Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type: GIT
Repo: https://github.com/simplemachines/smf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

19a9de63d8b895c6f931137bba09c3d5a79caf52

Affected versions

2.*

2.1beta1

v2.*

v2.1-beta.1

v2.1-beta.2

v2.1-beta.3

v2.1-rc.1

v2.1-rc.2

v2.1-rc.3

v2.1-rc.4

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7438.json"