返回 CVE 浏览器

CVE-2016-5726

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1090%

EPSS Percentile22.68th

Published2017年2月9日

Last Modified2026年5月13日

Vulnerability Description

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Affected Platforms (CPE)

📦

Simplemachines

Simple Machines Forum

= 2.1

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2016/06/10/7

🔗 http://www.openwall.com/lists/oss-security/2016/06/18/1

🔗 http://www.openwall.com/lists/oss-security/2016/06/10/7

🔗 http://www.openwall.com/lists/oss-security/2016/06/18/1

相关漏洞威胁

CVE-2011-112710.0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allow...

CVE-2019-115749.8

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.p...

CVE-2018-103059.8

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible...

CVE-2005-48919.8

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject a...