RCE in Simplemachines Simple_machines_forum
CVE-2016-5727
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.015 (71.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Simplemachines Simple_machines_forum — versions 2.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- cve@mitre.org (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
- cve@mitre.org (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2016-5727?
- CVE-2016-5727 is a high-severity vulnerability in Simplemachines Simple_machines_forum, classified under Code Injection. CVSS score: 8.8/10. Published 2017-02-09.
- How severe is CVE-2016-5727?
- High severity. CVSS v3 base score is 8.8 out of 10.