CVE-2016-5726

CRITICAL

Simple Machines Forum <2.1 - Code Injection


Description

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

References (2)

Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/18/1
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/10/7

Scores

CVSS v3 9.8
EPSS 0.0157
EPSS Percentile 72.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
simplemachines/simple_machines_forum 2.1
Published Feb 09, 2017
Tracked Since Feb 18, 2026