CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-5726

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile22.68th
Published2017年2月9日
Last Modified2026年5月13日

Vulnerability Description

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Affected Platforms (CPE)

📦
Simplemachines

Simple Machines Forum

= 2.1

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/06/10/7
🔗 http://www.openwall.com/lists/oss-security/2016/06/18/1
🔗 http://www.openwall.com/lists/oss-security/2016/06/10/7
🔗 http://www.openwall.com/lists/oss-security/2016/06/18/1

関連する脆弱性情報

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2019-115749.8

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.p...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2005-48919.8

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject a...