Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simple Machines Forum安全绕过漏洞
Vulnerability Description
Simple Machines Forum (SMF)1.0.14之前的1.0.x版本,1.1.6之前的1.1.x版本以及2.0 beta 4之前的2.0版本中的密码重置功能在隐藏格式字段内放入关于随机数字生成器的线索和生成可预测的确认代码,这使得远程攻击者可以修改其他用户的密码和获得特权。
CVSS Information
N/A
Vulnerability Type
N/A