PHP Object Injection Vulnerability in Simple Machines Forum Software
CVE-2016-5727

8.8HIGH

Key Information:

Vendor

Simplemachines

Status
Simple Machines Forum
Vendor
CVE Published:
9 February 2017

What is CVE-2016-5727?

The PHP object injection vulnerability present in Simple Machines Forum (SMF) version 2.1 allows attackers to exploit user input variables within a foreach loop. This flaw enables remote attackers to execute arbitrary PHP code, potentially compromising the integrity and functionality of the affected system. It is essential for users of SMF to apply necessary patches and updates to secure their installations against this exploit.

References

https://github.com/SimpleMachines/SMF2.1/issues/3522
x_refsource_CONFIRM
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/18/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.