PT-2017-8752 · Simple Machines · Simple Machines Forum

Scott Arciszewski

Published

2017-02-09

Updated

2017-02-23

CVE-2016-5726

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) version 2.1

Description The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Recommendations For Simple Machines Forum (SMF) version 2.1, update to a version that fixes this issue to prevent PHP object injection attacks.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2016-5726

Affected Products

Simple Machines Forum

PT-2017-8752 · Simple Machines · Simple Machines Forum

CVE-2016-5726

Weakness Enumeration

Related Identifiers

Affected Products

References · 4