CVE-2016-5727

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

Published: Feb 9, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-5727
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
simplemachines / simple_machines_forum	2.1	2.1.x

http://www.openwall.com/lists/oss-security/2016/06/10/7
http://www.openwall.com/lists/oss-security/2016/06/18/1
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
https://github.com/SimpleMachines/SMF2.1/issues/3522

Vulnerability Database

289,782

CVE-2016-5727