CVE-2022-26982

HIGH

SimpleMachinesForum <2.1.1 - Authenticated RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26982. PoCs published by Sarang Tumne.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote code execution vulnerability in SimpleMachinesForum v2.1.1 by injecting a reverse shell payload into the Admin.template.php file via the theme modification interface. The attacker gains a shell as the 'daemon' user upon triggering the payload.

Description

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sarang Tumne · textwebappsphp
https://www.exploit-db.com/exploits/51057

This exploit demonstrates an authenticated remote code execution vulnerability in SimpleMachinesForum v2.1.1 by injecting a reverse shell payload into the Admin.template.php file via the theme modification interface. The attacker gains a shell as the 'daemon' user upon triggering the payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SimpleMachinesForum v2.1.1
Auth required
Prerequisites: Admin credentials · Access to the administration panel · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.2
EPSS 0.0893
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
simplemachines/simple_machines_forum < 2.1.1
Published Apr 05, 2022
Tracked Since Feb 18, 2026