Submit #380190: SimpleMachines SMF 2.1.4 Insecure Direct Object Reference

Title: SimpleMachines SMF 2.1.4 Insecure Direct Object Reference
Description: SMF v2.1.4 suffers from IDOR - Broken Access Control Vulnerability allowing attackers to mark other users' alerts as read or unread (horizontal privilege escalation).
Source: https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md
User: Fewwords (UID 42682)
Submission: 07/25/2024 17:01 (2 years ago)
Moderation: 08/02/2024 23:22 (8 days later)
Status: Accepted
VulDB entry: 273523 [SimpleMachines SMF 2.1.4 User Alert Read Status aid resource injection]
Points: 15
