In this week I will publish few new informations about vulnerabilities I found.
For example full technical details about vulnerable (latest) version of SMF 2.0.4 will be available after contact with vendor.
I see that in some cases there is a possibility to drop a (web)shell via CSRF attack.
Post will be updated, so...
See you soon! ;)