CVE-2024-7438

Name of the Vulnerable Software and Affected Versions SimpleMachines SMF version 2.1.4

Description A vulnerability has been found in the User Alert Read Status Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=read. The manipulation of the aid argument leads to improper control of resource identifiers. This issue can be exploited remotely.

Recommendations For SimpleMachines SMF version 2.1.4, as a temporary workaround, consider restricting access to the /index.php?action=profile;u=2;area=showalerts;do=read endpoint until a patch is available. Avoid manipulating the aid argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.