CVE-2016-5727

HIGH

Simple Machines Forum <2.1 - Code Injection

Title source: llm

Description

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

References (4)

Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/SimpleMachines/SMF2.1/issues/3522
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/18/1
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/10/7

Scores

CVSS v3 8.8
EPSS 0.0153
EPSS Percentile 71.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
simplemachines/simple_machines_forum 2.1
Published Feb 09, 2017
Tracked Since Feb 18, 2026