CVE-2024-7437: SimpleMachines SMF Delete User index.php resource injection
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2024-7437?
CVE-2024-7437 has been classified as critical due to its potential impact on system security.
How can I fix CVE-2024-7437?
To fix CVE-2024-7437, update your Simple Machines Forum software to version 2.1.5 or later.
Which version of Simple Machines Forum is affected by CVE-2024-7437?
CVE-2024-7437 affects Simple Machines Forum version 2.1.4.
What component is vulnerable in CVE-2024-7437?
The vulnerability in CVE-2024-7437 lies in the Delete User Handler component of the application's profile management.
What type of vulnerability is CVE-2024-7437?
CVE-2024-7437 is categorized as an improper input validation vulnerability that can be exploited through user profile management actions.