PHP Object Injection Vulnerability in Simple Machines Forum Software
CVE-2016-5726

9.8CRITICAL

Key Information:

Vendor: Simplemachines
Status: Simple Machines Forum
Vendor: CVE Published:; 9 February 2017

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2016-5726?

The vulnerability in Simple Machines Forum (SMF) 2.1 allows attackers to exploit PHP object injection via the themechanges array parameter. This flaw enables remote attackers to execute arbitrary PHP code, potentially leading to unauthorized access or data manipulation. Security measures should be implemented to validate and sanitize user inputs to mitigate this risk.

References

http://www.openwall.com/lists/oss-security/2016/06/18/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2016/06/10/7

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2017
Vulnerability Reserved
Jun 18, 2016