CVE-2024-7437

CVSS 2.0 Score 5.5 of 10 (medium)

Details

Published Aug 3, 2024

Updated: Aug 12, 2024

CWE ID 99

Summary

CVE-2024-7437 is a critical vulnerability affecting SimpleMachines SMF 2.1.4. The issue lies within the Delete User Handler component, specifically the /index.php?action=profile;u=2;area=showalerts;do=remove file. The vulnerability stems from an unknown function where improper handling of resource identifiers occurs due to manipulation of the aid argument. This flaw can be exploited remotely, making it a significant threat. The exploit for this vulnerability has already been disclosed to the public, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xb0FZw
https://www.cve.org/CVERecord?id=CVE-2024-7437
https://nvd.nist.gov/vuln/detail/CVE-2024-7437

Back to Vulnerability Database

CVE-2024-7437

CVSS 2.0 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations