A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.273523 | vdb entry permissions required technical description |
| https://vuldb.com/?ctiid.273523 | signature vdb entry permissions required |
| https://vuldb.com/?submit.380190 | third party advisory vdb entry |
| https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md | third party advisory exploit |