CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5726

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile22.68th
PublishedFeb 9, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Affected Platforms (CPE)

πŸ“¦
Simplemachines

Simple Machines Forum

= 2.1

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/06/10/7
πŸ”— http://www.openwall.com/lists/oss-security/2016/06/18/1
πŸ”— http://www.openwall.com/lists/oss-security/2016/06/10/7
πŸ”— http://www.openwall.com/lists/oss-security/2016/06/18/1

Related Vulnerabilities

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2019-115749.8

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.p...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2005-48919.8

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject a...