CVE-2024-7437

Name of the Vulnerable Software and Affected Versions SimpleMachines SMF version 2.1.4

Description A critical issue was found in the Delete User Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=remove. The manipulation of the aid argument leads to improper control of resource identifiers, allowing for remote attacks. The exploit has been publicly disclosed and may be used, potentially resulting in unauthorized access and system compromise.

Recommendations For SimpleMachines SMF version 2.1.4, patch immediately to prevent exploitation. Additionally, monitor for exploit attempts to minimize the risk of unauthorized access and system compromise. As a temporary workaround, consider restricting access to the Delete User Handler component or disabling the manipulation of the aid argument until a patch is applied.